From a546246fc11e560fb0cce648e07919bc3b858e79 Mon Sep 17 00:00:00 2001
From: Sebastian Sdorra
Date: Tue, 29 Nov 2016 20:11:03 +0100
Subject: [PATCH] fix wrong key usage during encoding in DefaultCipherHandler, see issue #887
---
 .../scm/security/DefaultCipherHandler.java | 2 +-
 .../security/DefaultCipherHandlerTest.java | 63 +++++++++++++++++++
 2 files changed, 64 insertions(+), 1 deletion(-)
 create mode 100644 scm-core/src/test/java/sonia/scm/security/DefaultCipherHandlerTest.java
diff --git a/scm-core/src/main/java/sonia/scm/security/DefaultCipherHandler.java b/scm-core/src/main/java/sonia/scm/security/DefaultCipherHandler.java
index 4b82563687..0edc77009c 100644
--- a/scm-core/src/main/java/sonia/scm/security/DefaultCipherHandler.java
+++ b/scm-core/src/main/java/sonia/scm/security/DefaultCipherHandler.java
@@ -251,7 +251,7 @@ public class DefaultCipherHandler implements CipherHandler
 random.nextBytes(salt);
 IvParameterSpec iv = new IvParameterSpec(salt);
- SecretKey secretKey = buildSecretKey(key);
+ SecretKey secretKey = buildSecretKey(plainKey);
 javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance(CIPHER_TYPE);
 cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, secretKey, iv);
diff --git a/scm-core/src/test/java/sonia/scm/security/DefaultCipherHandlerTest.java b/scm-core/src/test/java/sonia/scm/security/DefaultCipherHandlerTest.java
new file mode 100644
index 0000000000..95414d5f71
--- /dev/null
+++ b/scm-core/src/test/java/sonia/scm/security/DefaultCipherHandlerTest.java
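Review bot: The corrected line `SecretKey secretKey = buildSecretKey(plainKey);` changes which key protects every value written through the keyed encode path, and the commit does not say what happens to ciphertext produced before the fix. Until now that path derived the key from `key` (apparently the handler's own default key) whatever the caller passed, so existing values were presumably encrypted under the default key rather than the one the caller intended; a release note or a re-encryption step for such data would be worth adding. The near-identical names `key` and `plainKey` invited the mix-up, so a comment on this line such as `// derive from the caller-supplied key, never the handler default (issue #887)`, or renaming the field, would guard against a regression. The enclosing method starts and ends outside this hunk, so the type of `random` and the derivation inside `buildSecretKey` cannot be checked from here.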
@@ -0,0 +1,63 @@
+/**
+ * Copyright (c) 2014, Sebastian Sdorra
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. Neither the name of SCM-Manager; nor the names of its
+ * contributors may be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+package sonia.scm.security;
+
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+/**
+ * Unit tests for {@link DefaultCipherHandler}.
+ *
+ * @author Sebastian Sdorra
+ */
+public class DefaultCipherHandlerTest {
+
+ /**
+ * Test encode and decode method with a separate key.
+ */
+ @Test
+ public void testEncodeDecodeWithSeparateKey(){
+ char[] key = "testkey".toCharArray();
+ DefaultCipherHandler cipher = new DefaultCipherHandler("somekey");
+ assertEquals("hallo123", cipher.decode(key, cipher.encode(key, "hallo123")));
+ }
+
+ /**
+ * Test encode and decode method with the default key.
+ */
+ @Test
+ public void testEncodeDecodeWithDefaultKey() {
+ DefaultCipherHandler cipher = new DefaultCipherHandler("testkey");
+ assertEquals("hallo123", cipher.decode(cipher.encode("hallo123")));
+ }
+
+}
\ No newline at end of file
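Review bot: `testEncodeDecodeWithSeparateKey` only proves a round trip with one key and never checks that a different key fails, so it does not show that the supplied key is the only one that can recover the value. A negative case is missing: a value from `cipher.encode(key, "hallo123")` must not come back as `"hallo123"` through the default-key `cipher.decode(...)` or through `decode` with a different `char[]` key. Whether that failure shows up as an exception or as different output depends on `DefaultCipherHandler` code that is not visible here. Since the production hunk fills a fresh IV per call, a check such as `assertNotEquals(cipher.encode(key, "hallo123"), cipher.encode(key, "hallo123"));` would also pin that behaviour, assuming the project's JUnit version provides `assertNotEquals`.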