1   /* Copyright 2004 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.providers.encoding;
17  
18  import junit.framework.TestCase;
19  
20  import org.springframework.dao.DataAccessException;
21  
22  
23  /***
24   * <p>
25   * TestCase for BasePasswordEncoder.
26   * </p>
27   *
28   * @author Ben Alex
29   * @version $Id: BasePasswordEncoderTests.java,v 1.3 2005/11/17 00:56:08 benalex Exp $
30   */
31  public class BasePasswordEncoderTests extends TestCase {
32      //~ Methods ================================================================
33  
34      public void testDemergeHandlesEmptyAndNullSalts() {
35          MockPasswordEncoder pwd = new MockPasswordEncoder();
36  
37          String merged = pwd.nowMergePasswordAndSalt("password", null, true);
38  
39          String[] demerged = pwd.nowDemergePasswordAndSalt(merged);
40          assertEquals("password", demerged[0]);
41          assertEquals("", demerged[1]);
42  
43          merged = pwd.nowMergePasswordAndSalt("password", "", true);
44  
45          demerged = pwd.nowDemergePasswordAndSalt(merged);
46          assertEquals("password", demerged[0]);
47          assertEquals("", demerged[1]);
48      }
49  
50      public void testDemergeWithEmptyStringIsRejected() {
51          MockPasswordEncoder pwd = new MockPasswordEncoder();
52  
53          try {
54              pwd.nowDemergePasswordAndSalt("");
55              fail("Should have thrown IllegalArgumentException");
56          } catch (IllegalArgumentException expected) {
57              assertEquals("Cannot pass a null or empty String",
58                  expected.getMessage());
59          }
60      }
61  
62      public void testDemergeWithNullIsRejected() {
63          MockPasswordEncoder pwd = new MockPasswordEncoder();
64  
65          try {
66              pwd.nowDemergePasswordAndSalt(null);
67              fail("Should have thrown IllegalArgumentException");
68          } catch (IllegalArgumentException expected) {
69              assertEquals("Cannot pass a null or empty String",
70                  expected.getMessage());
71          }
72      }
73  
74      public void testMergeDemerge() {
75          MockPasswordEncoder pwd = new MockPasswordEncoder();
76  
77          String merged = pwd.nowMergePasswordAndSalt("password", "foo", true);
78          assertEquals("password{foo}", merged);
79  
80          String[] demerged = pwd.nowDemergePasswordAndSalt(merged);
81          assertEquals("password", demerged[0]);
82          assertEquals("foo", demerged[1]);
83      }
84  
85      public void testMergeDemergeWithDelimitersInPassword() {
86          MockPasswordEncoder pwd = new MockPasswordEncoder();
87  
88          String merged = pwd.nowMergePasswordAndSalt("p{ass{w{o}rd", "foo", true);
89          assertEquals("p{ass{w{o}rd{foo}", merged);
90  
91          String[] demerged = pwd.nowDemergePasswordAndSalt(merged);
92  
93          assertEquals("p{ass{w{o}rd", demerged[0]);
94          assertEquals("foo", demerged[1]);
95      }
96  
97      public void testMergeDemergeWithNullAsPassword() {
98          MockPasswordEncoder pwd = new MockPasswordEncoder();
99  
100         String merged = pwd.nowMergePasswordAndSalt(null, "foo", true);
101         assertEquals("{foo}", merged);
102 
103         String[] demerged = pwd.nowDemergePasswordAndSalt(merged);
104         assertEquals("", demerged[0]);
105         assertEquals("foo", demerged[1]);
106     }
107 
108     public void testStrictMergeRejectsDelimitersInSalt1() {
109         MockPasswordEncoder pwd = new MockPasswordEncoder();
110 
111         try {
112             pwd.nowMergePasswordAndSalt("password", "f{oo", true);
113             fail("Should have thrown IllegalArgumentException");
114         } catch (IllegalArgumentException expected) {
115             assertEquals("Cannot use { or } in salt.toString()",
116                 expected.getMessage());
117         }
118     }
119 
120     public void testStrictMergeRejectsDelimitersInSalt2() {
121         MockPasswordEncoder pwd = new MockPasswordEncoder();
122 
123         try {
124             pwd.nowMergePasswordAndSalt("password", "f}oo", true);
125             fail("Should have thrown IllegalArgumentException");
126         } catch (IllegalArgumentException expected) {
127             assertEquals("Cannot use { or } in salt.toString()",
128                 expected.getMessage());
129         }
130     }
131 
132     //~ Inner Classes ==========================================================
133 
134     private class MockPasswordEncoder extends BasePasswordEncoder {
135         public boolean isPasswordValid(String encPass, String rawPass,
136             Object salt) throws DataAccessException {
137             throw new UnsupportedOperationException(
138                 "mock method not implemented");
139         }
140 
141         public String encodePassword(String rawPass, Object salt)
142             throws DataAccessException {
143             throw new UnsupportedOperationException(
144                 "mock method not implemented");
145         }
146 
147         public String[] nowDemergePasswordAndSalt(String password) {
148             return demergePasswordAndSalt(password);
149         }
150 
151         public String nowMergePasswordAndSalt(String password, Object salt,
152             boolean strict) {
153             return mergePasswordAndSalt(password, salt, strict);
154         }
155     }
156 }