1 files changed, 137 insertions, 0 deletions
diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/CRAMMD5HexInitialiserTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/CRAMMD5HexInitialiserTest.java
new file mode 100644
index 0000000000..3c5ed1d6c2
--- /dev/null
+++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/CRAMMD5HexInitialiserTest.java
@@ -0,0 +1,137 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.server.security.auth.sasl;
+
+import junit.framework.TestCase;
+import org.apache.qpid.server.security.auth.database.PropertiesPrincipalDatabase;
+import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5HexInitialiser;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import java.io.IOException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Properties;
+
+/**
+ * These tests ensure that the Hex wrapping that the initialiser performs does actually operate when the handle method is called.
+ */
+public class CRAMMD5HexInitialiserTest extends TestCase
+{
+    public void testHex()
+    {
+        //Create User details for testing
+        String user = "testUser";
+        String password = "testPassword";
+
+        perform(user, password);
+    }
+
+    public void testHashedHex()
+    {
+        //Create User details for testing
+        String user = "testUser";
+        String password = "testPassword";
+
+        //Create a hashed password that we then attempt to put through the call back mechanism.
+        try
+        {
+            password = new String(MessageDigest.getInstance("MD5").digest(password.getBytes()));
+        }
+        catch (NoSuchAlgorithmException e)
+        {
+            fail(e.getMessage());
+        }
+
+        perform(user, password);
+    }
+
+    public void perform(String user, String password)
+    {
+        CRAMMD5HexInitialiser initialiser = new CRAMMD5HexInitialiser();
+
+        //Use properties to create a PrincipalDatabase
+        Properties users = new Properties();
+        users.put(user, password);
+
+        PropertiesPrincipalDatabase db = new PropertiesPrincipalDatabase(users);
+
+        initialiser.initialise(db);
+
+        //setup the callbacks
+        PasswordCallback passwordCallback = new PasswordCallback("password:", false);
+        NameCallback usernameCallback = new NameCallback("user:", user);
+
+        Callback[] callbacks = new Callback[]{usernameCallback, passwordCallback};
+
+        //Check the
+        try
+        {
+            assertNull("The password was not null before the handle call.", passwordCallback.getPassword());
+            initialiser.getCallbackHandler().handle(callbacks);
+        }
+        catch (IOException e)
+        {
+            fail(e.getMessage());
+        }
+        catch (UnsupportedCallbackException e)
+        {
+            fail(e.getMessage());
+        }
+
+        //Hex the password we initialised with and compare it with the passwordCallback
+        assertArrayEquals(toHex(password.toCharArray()), passwordCallback.getPassword());
+    }
+
+    private void assertArrayEquals(char[] expected, char[] actual)
+    {        
+        assertEquals("Arrays are not the same length", expected.length, actual.length);
+
+        for (int index = 0; index < expected.length; index++)
+        {
+            assertEquals("Characters are not equal", expected[index], actual[index]);
+        }
+    }
+
+    private char[] toHex(char[] password)
+    {
+        StringBuilder sb = new StringBuilder();
+        for (char c : password)
+        {
+            //toHexString does not prepend 0 so we have to
+            if (((byte) c > -1) && (byte) c < 10)
+            {
+                sb.append(0);
+            }
+
+            sb.append(Integer.toHexString(c & 0xFF));
+        }
+
+        //Extract the hex string as char[]
+        char[] hex = new char[sb.length()];
+
+        sb.getChars(0, sb.length(), hex, 0);
+
+        return hex;
+    }
+}