Package: plexus-cipher
Version: 1.5-3
Severity: serious
Tags: patch
Justification: fails to build from source (but built successfully in the past)

When building on a fast machine I get:

Running org.sonatype.plexus.components.cipher.PBECipherTest
+K09MzMSG00HwGTNaRzYDsUqhiabft0kDLpG1hGpezo=
+K09MzMSG00HwGTNaRzYDsUqhiabft0kDLpG1hGpezo=
Tests run: 2, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 0.002 sec <<< FAILURE!

Results :

Failed tests: testEncrypt(org.sonatype.plexus.components.cipher.PBECipherTest)

Digging into this a bit, the failed test asserts that a certain plaintext doesn't encrypt to the same result twice. Unfortunately the PBECipher implementation initializes its random generators with System.currentTimeMillis (suspicious in itself imho), which simply means encrypting a plaintext twice in the same millisecond will result in the same encrypted text, hence a test failure.

Attaching a simple patch which enforces a sleep between the two encrypt calls, which works around this issue.

-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.7-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- a/src/test/java/org/sonatype/plexus/components/cipher/PBECipherTest.java +++ b/src/test/java/org/sonatype/plexus/components/cipher/PBECipherTest.java @@ -55,6 +55,8 @@ System.out.println(enc); + Thread.sleep (100); + String enc2 = _cipher.encrypt64( _cleatText, _password ); assertNotNull( enc2 );
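
Review bot: The Thread.sleep (100) inserted between the two encrypt64 calls only hides the collision inside the test. Per the report, PBECipher seeds its random generator from System.currentTimeMillis, so two encryptions of the same plaintext and password within one millisecond still produce identical output for real callers. Prefer fixing the seeding in PBECipher itself (a default-constructed java.security.SecureRandom with no clock-derived seed) and leaving testEncrypt without a delay, so the assertion keeps catching the regression. If the sleep is kept as a stopgap, check that the test method declares the InterruptedException that Thread.sleep throws, which this hunk does not show, and note that a fixed 100 ms pause leaves the test outcome dependent on timing.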
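
The failure mode described in the report, as an added example that is not plexus-cipher's code: a salt drawn from a generator seeded with a clock reading repeats whenever the reading repeats, and password-based encryption with a repeated salt repeats the ciphertext. The class name, the java.util.Random stand-in, the PBKDF2/AES-CBC construction, and the sample plaintext, password and clock value are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class SaltSeedDemo {
    // Weak: salt from a PRNG seeded with a clock value (passed in so the demo is deterministic).
    static byte[] clockSeededSalt(long millis) {
        byte[] salt = new byte[8];
        new Random(millis).nextBytes(salt);
        return salt;
    }

    // Corrected: self-seeded CSPRNG, never re-seeded from the clock.
    static byte[] csprngSalt() {
        byte[] salt = new byte[8];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    // Password-based encryption: key and IV both derive from (password, salt) only.
    static String encrypt64(String clear, String password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 10_000, 256);
        byte[] km = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(km, 0, 16, "AES"), new IvParameterSpec(km, 16, 16));
        byte[] ct = c.doFinal(clear.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(salt, salt.length + ct.length); // salt || ciphertext
        System.arraycopy(ct, 0, out, salt.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    public static void main(String[] args) throws Exception {
        long sameMillisecond = 1_360_000_000_000L; // constructed clock reading, shared by both calls
        String a = encrypt64("sample text", "sample-pass", clockSeededSalt(sameMillisecond));
        String b = encrypt64("sample text", "sample-pass", clockSeededSalt(sameMillisecond));
        String c = encrypt64("sample text", "sample-pass", csprngSalt());
        String d = encrypt64("sample text", "sample-pass", csprngSalt());
        System.out.println("clock-seeded salt, same millisecond, outputs equal: " + a.equals(b));
        System.out.println("SecureRandom salt, outputs equal: " + c.equals(d));
    }
}
```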