unit tests coverage

Coverage report

%line %branch

org.apache.jetspeed.security.util.PBEPasswordTool
0%

0%

1
/*

2
* Licensed to the Apache Software Foundation (ASF) under one or more

3
* contributor license agreements. See the NOTICE file distributed with

4
* this work for additional information regarding copyright ownership.

5
* The ASF licenses this file to You under the Apache License, Version 2.0

6
* (the "License"); you may not use this file except in compliance with

7
* the License. You may obtain a copy of the License at

8
*

9
* http://www.apache.org/licenses/LICENSE-2.0

10
*

11
* Unless required by applicable law or agreed to in writing, software

12
* distributed under the License is distributed on an "AS IS" BASIS,

13
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

14
* See the License for the specific language governing permissions and

15
* limitations under the License.

16
*/

17
package org.apache.jetspeed.security.util;

18

19
import java.security.NoSuchAlgorithmException;

20
import java.security.spec.InvalidKeySpecException;

21

22
import javax.crypto.Cipher;

23
import javax.crypto.SecretKey;

24
import javax.crypto.SecretKeyFactory;

25
import javax.crypto.spec.PBEKeySpec;

26
import javax.crypto.spec.PBEParameterSpec;

27

28
import org.apache.commons.codec.binary.Base64;

29
import org.apache.jetspeed.security.SecurityException;

30

31
/**

32
* <p>

33
* PBEPasswordTool encodes and decodes user passwords using Password Based encryptionl

34
* </p>

35
*

36
* @author <a href="mailto:ate@douma.nu">Ate Douma</a>

37
* @version $Id$

38
*/

39
public class PBEPasswordTool

40
{

41
// PKCS #5 (PBE) algoritm

42
private static final String CIPHER_ALGORITM = "PBEwithMD5andDES";

43
// PKCS #5 iteration count is advised to be at least 1000

44
private static final int PKCS_5_ITERATIONCOUNT = 1111;

45
// pseudo random base salt which will be overlayed with userName.getBytes()

46 0
private static final byte[] PKCS_5_BASE_SALT = {(byte)0xA9, (byte)0x9B, (byte)0xC8, (byte)0x32, (byte)0x56, (byte)0x35, (byte)0xE3, (byte)0x03};

47

48
// PBE cipher

49
private SecretKey pbeKey;

50

51
public PBEPasswordTool(String pbePassword) throws InvalidKeySpecException, NoSuchAlgorithmException

52 0
{

53 0
pbeKey = SecretKeyFactory.getInstance(CIPHER_ALGORITM).generateSecret(new PBEKeySpec(pbePassword.toCharArray()));

54 0
}

55

56
/* (non-Javadoc)

57
* @see org.apache.jetspeed.security.spi.CredentialPasswordEncoder#encode(java.lang.String, java.lang.String)

58
* @see org.apache.jetspeed.security.PasswordEncodingService#encode(java.lang.String, java.lang.String)

59
*/

60
public String encode(String userName, String clearTextPassword) throws SecurityException

61
{

62
try

63
{

64
// prevent dictionary attacks as well as copying of encoded passwords by using the userName as salt

65 0
PBEParameterSpec cipherSpec = new PBEParameterSpec(createSalt(userName.getBytes("UTF-8")), PKCS_5_ITERATIONCOUNT);

66

67 0
Cipher cipher = Cipher.getInstance(CIPHER_ALGORITM);

68 0
cipher.init(Cipher.ENCRYPT_MODE,pbeKey,cipherSpec);

69

70 0
return new String(Base64.encodeBase64(cipher.doFinal(clearTextPassword.getBytes("UTF-8"))), "UTF-8");

71
}

72 0
catch (Exception e)

73
{

74 0
throw new SecurityException(SecurityException.UNEXPECTED.create("PBEPasswordTool","encode",e.getMessage()), e);

75
}

76
}

77

78
/* (non-Javadoc)

79
* @see org.apache.jetspeed.security.PasswordEncodingService#decode(java.lang.String, java.lang.String)

80
*/

81
public String decode(String userName, String encodedPassword) throws SecurityException

82
{

83
try

84
{

85
// prevent dictionary attacks as well as copying of encoded passwords by using the userName as salt

86 0
PBEParameterSpec cipherSpec = new PBEParameterSpec(createSalt(userName.getBytes("UTF-8")), PKCS_5_ITERATIONCOUNT);

87

88 0
Cipher cipher = Cipher.getInstance(CIPHER_ALGORITM);

89 0
cipher.init(Cipher.DECRYPT_MODE,pbeKey,cipherSpec);

90

91 0
return new String(cipher.doFinal(Base64.decodeBase64(encodedPassword.getBytes("UTF-8"))), "UTF-8");

92
}

93 0
catch (Exception e)

94
{

95 0
throw new SecurityException(SecurityException.UNEXPECTED.create("PBEPasswordTool","decode",e.getMessage()), e);

96
}

97
}

98

99
/*

100
* Create a PCKS #5 salt using the BASE_PCKS_5_SALT overlayed with the provided secret parameter

101
*/

102
private byte[] createSalt(byte[] secret)

103
{

104 0
byte[] salt = new byte[PKCS_5_BASE_SALT.length];

105 0
int i = 0;

106 0
for (;i < salt.length && i < secret.length; i++)

107
{

108 0
salt[i] = secret[i];

109
}

110 0
for (; i < salt.length; i++)

111
{

112 0
salt[i] = PKCS_5_BASE_SALT[i];

113
}

114 0
return salt;

115
}

116

117
public static void main(String args[]) throws Exception

118
{

119 0
if (args.length != 4 || (!args[0].equals("encode") && !args[0].equals("decode")))

120
{

121 0
System.err.println("Encode/Decode a user password using Password Based Encryption");

122 0
System.err.println("Usage: PBEPasswordTool <encode|decode> <encoding-password> <username> <password>");

123 0
System.err.println(" encode|decode : specify if to encode or decode the provided password");

124 0
System.err.println(" encoding-password: the password to be used for encoding and decoding");

125 0
System.err.println(" username : the name of the user to which the provided password belongs");

126 0
System.err.println(" password : the cleartext password to encode, or the encoded password to decode\n");

127
}

128 0
else if (args[0].toLowerCase().equals("encode"))

129
{

130 0
System.out.println("Encoded password: "+new PBEPasswordTool(args[1]).encode(args[2],args[3]));

131
}

132
else

133
{

134 0
System.out.println("Decoded password: "+new PBEPasswordTool(args[1]).decode(args[2],args[3]));

135
}

136 0
}

137
}

This report is generated by jcoverage, Maven and Maven JCoverage Plugin.

1		/*
2		* Licensed to the Apache Software Foundation (ASF) under one or more
3		* contributor license agreements. See the NOTICE file distributed with
4		* this work for additional information regarding copyright ownership.
5		* The ASF licenses this file to You under the Apache License, Version 2.0
6		* (the "License"); you may not use this file except in compliance with
7		* the License. You may obtain a copy of the License at
8		*
9		* http://www.apache.org/licenses/LICENSE-2.0
10		*
11		* Unless required by applicable law or agreed to in writing, software
12		* distributed under the License is distributed on an "AS IS" BASIS,
13		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14		* See the License for the specific language governing permissions and
15		* limitations under the License.
16		*/
17		package org.apache.jetspeed.security.util;
18
19		import java.security.NoSuchAlgorithmException;
20		import java.security.spec.InvalidKeySpecException;
21
22		import javax.crypto.Cipher;
23		import javax.crypto.SecretKey;
24		import javax.crypto.SecretKeyFactory;
25		import javax.crypto.spec.PBEKeySpec;
26		import javax.crypto.spec.PBEParameterSpec;
27
28		import org.apache.commons.codec.binary.Base64;
29		import org.apache.jetspeed.security.SecurityException;
30
31		/**
32		* <p>
33		* PBEPasswordTool encodes and decodes user passwords using Password Based encryptionl
34		* </p>
35		*
36		* @author <a href="mailto:ate@douma.nu">Ate Douma</a>
37		* @version $Id$
38		*/
39		public class PBEPasswordTool
40		{
41		// PKCS #5 (PBE) algoritm
42		private static final String CIPHER_ALGORITM = "PBEwithMD5andDES";
43		// PKCS #5 iteration count is advised to be at least 1000
44		private static final int PKCS_5_ITERATIONCOUNT = 1111;
45		// pseudo random base salt which will be overlayed with userName.getBytes()
46	0	private static final byte[] PKCS_5_BASE_SALT = {(byte)0xA9, (byte)0x9B, (byte)0xC8, (byte)0x32, (byte)0x56, (byte)0x35, (byte)0xE3, (byte)0x03};
47
48		// PBE cipher
49		private SecretKey pbeKey;
50
51		public PBEPasswordTool(String pbePassword) throws InvalidKeySpecException, NoSuchAlgorithmException
52	0	{
53	0	pbeKey = SecretKeyFactory.getInstance(CIPHER_ALGORITM).generateSecret(new PBEKeySpec(pbePassword.toCharArray()));
54	0	}
55
56		/* (non-Javadoc)
57		* @see org.apache.jetspeed.security.spi.CredentialPasswordEncoder#encode(java.lang.String, java.lang.String)
58		* @see org.apache.jetspeed.security.PasswordEncodingService#encode(java.lang.String, java.lang.String)
59		*/
60		public String encode(String userName, String clearTextPassword) throws SecurityException
61		{
62		try
63		{
64		// prevent dictionary attacks as well as copying of encoded passwords by using the userName as salt
65	0	PBEParameterSpec cipherSpec = new PBEParameterSpec(createSalt(userName.getBytes("UTF-8")), PKCS_5_ITERATIONCOUNT);
66
67	0	Cipher cipher = Cipher.getInstance(CIPHER_ALGORITM);
68	0	cipher.init(Cipher.ENCRYPT_MODE,pbeKey,cipherSpec);
69
70	0	return new String(Base64.encodeBase64(cipher.doFinal(clearTextPassword.getBytes("UTF-8"))), "UTF-8");
71		}
72	0	catch (Exception e)
73		{
74	0	throw new SecurityException(SecurityException.UNEXPECTED.create("PBEPasswordTool","encode",e.getMessage()), e);
75		}
76		}
77
78		/* (non-Javadoc)
79		* @see org.apache.jetspeed.security.PasswordEncodingService#decode(java.lang.String, java.lang.String)
80		*/
81		public String decode(String userName, String encodedPassword) throws SecurityException
82		{
83		try
84		{
85		// prevent dictionary attacks as well as copying of encoded passwords by using the userName as salt
86	0	PBEParameterSpec cipherSpec = new PBEParameterSpec(createSalt(userName.getBytes("UTF-8")), PKCS_5_ITERATIONCOUNT);
87
88	0	Cipher cipher = Cipher.getInstance(CIPHER_ALGORITM);
89	0	cipher.init(Cipher.DECRYPT_MODE,pbeKey,cipherSpec);
90
91	0	return new String(cipher.doFinal(Base64.decodeBase64(encodedPassword.getBytes("UTF-8"))), "UTF-8");
92		}
93	0	catch (Exception e)
94		{
95	0	throw new SecurityException(SecurityException.UNEXPECTED.create("PBEPasswordTool","decode",e.getMessage()), e);
96		}
97		}
98
99		/*
100		* Create a PCKS #5 salt using the BASE_PCKS_5_SALT overlayed with the provided secret parameter
101		*/
102		private byte[] createSalt(byte[] secret)
103		{
104	0	byte[] salt = new byte[PKCS_5_BASE_SALT.length];
105	0	int i = 0;
106	0	for (;i < salt.length && i < secret.length; i++)
107		{
108	0	salt[i] = secret[i];
109		}
110	0	for (; i < salt.length; i++)
111		{
112	0	salt[i] = PKCS_5_BASE_SALT[i];
113		}
114	0	return salt;
115		}
116
117		public static void main(String args[]) throws Exception
118		{
119	0	if (args.length != 4 \|\| (!args[0].equals("encode") && !args[0].equals("decode")))
120		{
121	0	System.err.println("Encode/Decode a user password using Password Based Encryption");
122	0	System.err.println("Usage: PBEPasswordTool <encode\|decode> <encoding-password> <username> <password>");
123	0	System.err.println(" encode\|decode : specify if to encode or decode the provided password");
124	0	System.err.println(" encoding-password: the password to be used for encoding and decoding");
125	0	System.err.println(" username : the name of the user to which the provided password belongs");
126	0	System.err.println(" password : the cleartext password to encode, or the encoded password to decode\n");
127		}
128	0	else if (args[0].toLowerCase().equals("encode"))
129		{
130	0	System.out.println("Encoded password: "+new PBEPasswordTool(args[1]).encode(args[2],args[3]));
131		}
132		else
133		{
134	0	System.out.println("Decoded password: "+new PBEPasswordTool(args[1]).decode(args[2],args[3]));
135		}
136	0	}
137		}