Hi Lars, Could you submit a pull request for this against https://github.com/apache/directory-kerby ?
Colm. On Sat, Jul 16, 2022 at 1:23 PM Lars Froböse <[email protected]> wrote: > > Hi, > this is my first mail to this mailing list and hopefully this is the > right place to address my case. > > I've found what I consider a bug in module kerb-common of release Apache > Kerby 2.0.2 in class > org.apache.kerby.kerberos.kerb.common.EncryptionUtil in method > orderEtypesByStrength(List<EncryptionType>). > > I have written a JUnit test case where the method gets a list of four > EncryptionType(s) and returns an ordered list of five EncryptionType(s) > - java.lang.AssertionError: expected:<4> but was <5>: > > /** > * > */ > package org.apache.kerby.kerberos.kerb.common; > > import static org.junit.Assert.assertEquals; > > import java.util.Arrays; > import java.util.List; > > import org.apache.kerby.kerberos.kerb.type.base.EncryptionType; > import org.junit.Test; > > /** > * Testing class {@link EncryptionUtil}. > * > * @author LarsFroböse > */ > public class EncryptionUtilTest { > /** > * Test method for > * {@link > org.apache.kerby.kerberos.kerb.common.EncryptionUtil#orderEtypesByStrength(java.util.List)}. > */ > @Test > public void testOrderEtypesByStrength() { > List<EncryptionType> encryptionTypeList = Arrays > .asList(new EncryptionType[] > {EncryptionType.DES3_CBC_SHA1, EncryptionType.AES128_CTS_HMAC_SHA1_96, > EncryptionType.ARCFOUR_HMAC, > EncryptionType.AES256_CTS_HMAC_SHA1_96}); > List<EncryptionType> orderedEncryptionTypeList = > EncryptionUtil.orderEtypesByStrength(encryptionTypeList); > // If list is only ordered, resulting list should have as many > elements as > // original list, right ? > assertEquals(encryptionTypeList.size(), > orderedEncryptionTypeList.size()); > assertEquals(orderedEncryptionTypeList.get(0), > EncryptionType.ARCFOUR_HMAC); > assertEquals(orderedEncryptionTypeList.get(1), > EncryptionType.AES256_CTS_HMAC_SHA1_96); > assertEquals(orderedEncryptionTypeList.get(2), > EncryptionType.AES128_CTS_HMAC_SHA1_96); > assertEquals(orderedEncryptionTypeList.get(3), > EncryptionType.DES3_CBC_SHA1); > } > } > > This "behaviour" is causing trouble when this method is executed by my > application using Apache Kerby. > > I suggest the following fix which passes the above JUnit test and lets > my application run flawlessly with a local Apache Kerby version > including this fix. > > In method orderEtypesByStrength(List<EncryptionType>) of class > org.apache.kerby.kerberos.kerb.common.EncryptionUtil add condition "&& > !ordered.contains(encType)" in the methods if-statement: > > /** > * Order a list of EncryptionType in a decreasing strength order > * > * @param etypes The ETypes to order > * @return A list of ordered ETypes. The strongest is on the left. > */ > public static List<EncryptionType> > orderEtypesByStrength(List<EncryptionType> etypes) { > List<EncryptionType> ordered = new ArrayList<>(etypes.size()); > > for (String algo : CIPHER_ALGO_MAP.values()) { > for (EncryptionType encType : etypes) { > String foundAlgo = getAlgoNameFromEncType(encType); > > if (algo.equals(foundAlgo) && !ordered.contains(encType)) { > ordered.add(encType); > } > } > } > > return ordered; > } > > Regards, > > Lars Froböse > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
