Hi,
this is my first mail to this mailing list and hopefully this is the
right place to address my case.
I've found what I consider a bug in module kerb-common of release Apache
Kerby 2.0.2 in class
org.apache.kerby.kerberos.kerb.common.EncryptionUtil in method
orderEtypesByStrength(List<EncryptionType>).
I have written a JUnit test case where the method gets a list of four
EncryptionType(s) and returns an ordered list of five EncryptionType(s)
- java.lang.AssertionError: expected:<4> but was <5>:
/**
*
*/
package org.apache.kerby.kerberos.kerb.common;
import static org.junit.Assert.assertEquals;
import java.util.Arrays;
import java.util.List;
import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
import org.junit.Test;
/**
* Testing class {@link EncryptionUtil}.
*
* @author LarsFroböse
*/
public class EncryptionUtilTest {
/**
* Test method for
* {@link
org.apache.kerby.kerberos.kerb.common.EncryptionUtil#orderEtypesByStrength(java.util.List)}.
*/
@Test
public void testOrderEtypesByStrength() {
List<EncryptionType> encryptionTypeList = Arrays
.asList(new EncryptionType[]
{EncryptionType.DES3_CBC_SHA1, EncryptionType.AES128_CTS_HMAC_SHA1_96,
EncryptionType.ARCFOUR_HMAC,
EncryptionType.AES256_CTS_HMAC_SHA1_96});
List<EncryptionType> orderedEncryptionTypeList =
EncryptionUtil.orderEtypesByStrength(encryptionTypeList);
// If list is only ordered, resulting list should have as many
elements as
// original list, right ?
assertEquals(encryptionTypeList.size(),
orderedEncryptionTypeList.size());
assertEquals(orderedEncryptionTypeList.get(0),
EncryptionType.ARCFOUR_HMAC);
assertEquals(orderedEncryptionTypeList.get(1),
EncryptionType.AES256_CTS_HMAC_SHA1_96);
assertEquals(orderedEncryptionTypeList.get(2),
EncryptionType.AES128_CTS_HMAC_SHA1_96);
assertEquals(orderedEncryptionTypeList.get(3),
EncryptionType.DES3_CBC_SHA1);
}
}
This "behaviour" is causing trouble when this method is executed by my
application using Apache Kerby.
I suggest the following fix which passes the above JUnit test and lets
my application run flawlessly with a local Apache Kerby version
including this fix.
In method orderEtypesByStrength(List<EncryptionType>) of class
org.apache.kerby.kerberos.kerb.common.EncryptionUtil add condition "&&
!ordered.contains(encType)" in the methods if-statement:
/**
* Order a list of EncryptionType in a decreasing strength order
*
* @param etypes The ETypes to order
* @return A list of ordered ETypes. The strongest is on the left.
*/
public static List<EncryptionType>
orderEtypesByStrength(List<EncryptionType> etypes) {
List<EncryptionType> ordered = new ArrayList<>(etypes.size());
for (String algo : CIPHER_ALGO_MAP.values()) {
for (EncryptionType encType : etypes) {
String foundAlgo = getAlgoNameFromEncType(encType);
if (algo.equals(foundAlgo) && !ordered.contains(encType)) {
ordered.add(encType);
}
}
}
return ordered;
}
Regards,
Lars Froböse
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
