1   /*
2    * Copyright (c) 2002-2025, City of Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.portal.business.user.authentication;
35  
36  import fr.paris.lutece.test.LuteceTestCase;
37  import fr.paris.lutece.util.password.IPassword;
38  
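/**
 * Tests for {@link PasswordFactory}: parsing of stored password representations, verification of a reference cleartext against each
 * supported storage format, and the "legacy" flag reported for each format.
 *
 * <p>
 * Security-relevant contract pinned by these tests:
 * </p>
 * <ul>
 * <li>PLAINTEXT, MD5, SHA-1, SHA-256 and the {@code PBKDF2} prefix are still accepted for verification, but report
 * {@code isLegacy( )} and refuse {@code getStorableRepresentation( )}, so they cannot be written back to storage unchanged.</li>
 * <li>A {@code PBKDF2WITHHMACSHA512} entry stored with fewer iterations than the default is also reported as legacy.</li>
 * <li>Malformed or unknown stored values are rejected with {@link IllegalArgumentException} instead of yielding a password object.</li>
 * <li>The dummy password never matches any input, including the empty string.</li>
 * </ul>
 *
 * <p>
 * All digests below are test vectors for the cleartext {@code "PASSWORD"}; they are fixtures, not credentials.
 * </p>
 */
public class PasswordFactoryTest extends LuteceTestCase
{
    /** Cleartext every stored fixture in this class was derived from. */
    private static final String REFERENCE_CLEARTEXT = "PASSWORD";

    /** A cleartext that must never verify against any fixture. */
    private static final String WRONG_CLEARTEXT = "BAR";

    /**
     * A stored value without the {@code FORMAT:VALUE} separator must be rejected.
     */
    public void testGetPasswordIncorrectFormat( )
    {
        assertRejectedByFactory( "FOO" );
    }

    /**
     * A stored value whose format prefix is not a known algorithm must be rejected.
     */
    public void testGetPasswordUnknownFormat( )
    {
        assertRejectedByFactory( "FOO:BAR" );
    }

    /**
     * Cleartext storage still verifies, but is legacy and cannot be re-stored.
     */
    public void testGetPasswordPlaintext( )
    {
        IPassword password = new PasswordFactory( ).getPassword( "PLAINTEXT:PASSWORD" );
        assertMatchesOnlyReferenceCleartext( password );
        assertTrue( "PLAINTEXT storage should be reported as legacy", password.isLegacy( ) );
        assertNotStorable( password );
    }

    /**
     * Unsalted MD5 storage still verifies, but is legacy and cannot be re-stored.
     */
    public void testGetPasswordMD5( )
    {
        IPassword password = new PasswordFactory( ).getPassword( "MD5:319f4d26e3c536b5dd871bb2c52e3178" );
        assertMatchesOnlyReferenceCleartext( password );
        assertTrue( "MD5 storage should be reported as legacy", password.isLegacy( ) );
        assertNotStorable( password );
    }

    /**
     * Unsalted SHA-1 storage still verifies, but is legacy and cannot be re-stored.
     */
    public void testGetPasswordSHA1( )
    {
        IPassword password = new PasswordFactory( ).getPassword( "SHA-1:112bb791304791ddcf692e29fd5cf149b35fea37" );
        assertMatchesOnlyReferenceCleartext( password );
        assertTrue( "SHA-1 storage should be reported as legacy", password.isLegacy( ) );
        assertNotStorable( password );
    }

    /**
     * Unsalted SHA-256 storage still verifies, but is legacy and cannot be re-stored.
     */
    public void testGetPasswordSHA256( )
    {
        IPassword password = new PasswordFactory( ).getPassword( "SHA-256:0be64ae89ddd24e225434de95d501711339baeee18f009ba9b4369af27d30d60" );
        assertMatchesOnlyReferenceCleartext( password );
        assertTrue( "SHA-256 storage should be reported as legacy", password.isLegacy( ) );
        assertNotStorable( password );
    }

    /**
     * The older {@code PBKDF2} prefix (40000 iterations in this fixture) still verifies, but is legacy and cannot be re-stored.
     */
    public void testGetPasswordPBKDF2WithHmacSHA1( )
    {
        String storedPassword = "PBKDF2:40000:c2d05d21e68313aaf55cf16751c53dd9:da09ad1888f548ddf5f2cb0a0b9904aaf547e4b6722d4e04ac75dab73b87d379"
                + "be5b312a50b15c2dcdd9b745b616492c85a8e8e4a8b75e8abf1b99507680e30befb6bfdc9b3e0493dcccc43be6dcc24be3015bf966a66797047d75b938784921"
                + "710b0de6e3643cc8088ec7315e1e03c91250b5c4a65de8adb0a7351a1564bbb7";
        IPassword password = new PasswordFactory( ).getPassword( storedPassword );
        assertMatchesOnlyReferenceCleartext( password );
        assertTrue( "PBKDF2 (HmacSHA1) storage should be reported as legacy", password.isLegacy( ) );
        assertNotStorable( password );
    }

    /**
     * A current-format entry stored with a low iteration count (30000 here) must be flagged as legacy so that callers can re-hash it.
     */
    public void testGetPasswordPBKDF2WithHmacSHA512UpgradeIterations( )
    {
        String storedPassword = "PBKDF2WITHHMACSHA512:30000:ac08c57a261dc5db09de2b689b0c55bf:96340dad8137a023c7888245c4221acf18bfaf9f69dfff4c34b"
                + "0da4f8cc5b2a8959b0552312dd3dccff002ad765fc7bef6429c4dd3760ad68b53a0323d1464d41d74271b1f0fccd80e94b99b5e4323ffc67109d5917cccf5"
                + "e74641cd7059e88671bd58ee40223fb2051968dea450cc9806546f98798c5b6ed3b3f5d44b51e03f";
        IPassword password = new PasswordFactory( ).getPassword( storedPassword );
        assertMatchesOnlyReferenceCleartext( password );
        assertTrue( "Password stored with less iterations than the default should be marked as legacy so that it is upgraded", password.isLegacy( ) );
    }

    /**
     * A current-format entry with 210000 iterations is not legacy and round-trips to exactly the stored string.
     */
    public void testGetPasswordPBKDF2WithHmacSHA512( )
    {
        String storedPassword = "PBKDF2WITHHMACSHA512:210000:f89603fe9d91a8e622a86a927ecf13db:95c00213d61d4b6b8d5200b578a9a5bdb8d70fbb249e6f956d7"
                + "6c84af02c9c37260dee41e2ec8d7fb4c51b85f36025d729ce453fe169f9a688ebaf2efeb61a7934c419e76576d885411fd87a71408517952e56a33ad03f5a1"
                + "b9cf33311cd6b4767b164fda39c4cb2f942f9d360cfcf1498dd850536dc8447e94cb815b888ae2a";
        IPassword password = new PasswordFactory( ).getPassword( storedPassword );
        assertMatchesOnlyReferenceCleartext( password );
        assertFalse( "Current format with enough iterations should not be reported as legacy", password.isLegacy( ) );
        assertEquals( storedPassword, password.getStorableRepresentation( ) );
    }

    /**
     * A password built from cleartext uses the current format, verifies its own cleartext, and produces a different stored value on each
     * call.
     */
    public void testGetPasswordFromCleartext( )
    {
        PasswordFactory passwordFactory = new PasswordFactory( );
        IPassword password = passwordFactory.getPasswordFromCleartext( REFERENCE_CLEARTEXT );
        assertFalse( "A freshly created password should not be reported as legacy", password.isLegacy( ) );

        // Round trip: the object just built from the cleartext is expected to accept that cleartext and nothing else.
        assertMatchesOnlyReferenceCleartext( password );

        // Two stored values for the same cleartext must differ (presumably a fresh random salt per call);
        // identical output would let equal passwords be spotted across accounts.
        String firstStored = password.getStorableRepresentation( );
        String secondStored = passwordFactory.getPasswordFromCleartext( REFERENCE_CLEARTEXT ).getStorableRepresentation( );
        assertFalse( "Two stored representations of the same cleartext should differ", firstStored.equals( secondStored ) );
    }

    /**
     * The dummy password rejects every candidate, is not legacy, and cannot be stored.
     *
     * NOTE(review): presumably used as a stand-in when no stored password exists for an account - confirm against callers.
     */
    public void testGetDummyPassword( )
    {
        IPassword password = new PasswordFactory( ).getDummyPassword( );
        assertFalse( "Dummy password must not match the reference cleartext", password.check( REFERENCE_CLEARTEXT ) );
        assertFalse( "Dummy password must not match another cleartext", password.check( WRONG_CLEARTEXT ) );
        assertFalse( "Dummy password must not match a NUL character", password.check( "\0" ) );
        assertFalse( "Dummy password must not match the empty string", password.check( "" ) );
        assertFalse( "Dummy password should not be reported as legacy", password.isLegacy( ) );
        assertNotStorable( password );
    }

    /**
     * Asserts that the factory refuses to parse the given stored value.
     *
     * @param storedPassword
     *            the malformed stored representation
     */
    private void assertRejectedByFactory( String storedPassword )
    {
        PasswordFactory passwordFactory = new PasswordFactory( );
        try
        {
            passwordFactory.getPassword( storedPassword );
            fail( "getPassword( ) should reject the stored value \"" + storedPassword + "\"" );
        }
        catch( IllegalArgumentException e )
        {
            // expected: the stored value is not a recognised representation
        }
    }

    /**
     * Asserts that the password accepts the reference cleartext and rejects a different one.
     *
     * @param password
     *            the password under test
     */
    private void assertMatchesOnlyReferenceCleartext( IPassword password )
    {
        assertTrue( "The reference cleartext should be accepted", password.check( REFERENCE_CLEARTEXT ) );
        assertFalse( "A different cleartext should be rejected", password.check( WRONG_CLEARTEXT ) );
    }

    /**
     * Asserts that the password refuses to produce a storable representation.
     *
     * @param password
     *            the password under test
     */
    private void assertNotStorable( IPassword password )
    {
        try
        {
            password.getStorableRepresentation( );
            fail( "getStorableRepresentation( ) should throw UnsupportedOperationException" );
        }
        catch( UnsupportedOperationException e )
        {
            // expected: this password must not be written back to storage in its current form
        }
    }
}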