1berry/jenkins
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Cleanup HudsonPrivateSecurityRealmTest (#10735)

Browse Source
This commit is contained in:
Kris Stern 2025-06-11 19:47:15 +08:00 committed by GitHub
commit 0d38a1ec69
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 22 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
core/src/test/java/hudson/security/HudsonPrivateSecurityRealmTest.java
View File

@ -15,25 +15,26 @@ import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidKeySpecException;
import java.time.Duration; import java.time.Duration;
import javax.crypto.SecretKeyFactory; import javax.crypto.SecretKeyFactory;
import org.junit.Assert; import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.jvnet.hudson.test.Issue; import org.jvnet.hudson.test.Issue;
import org.mockito.Mockito; import org.mockito.Mockito;
public class HudsonPrivateSecurityRealmTest { class HudsonPrivateSecurityRealmTest {
// MySecurePassword // MySecurePassword
private static final String PBKDF2_HMAC_SHA512_ENCODED_PASSWORD = private static final String PBKDF2_HMAC_SHA512_ENCODED_PASSWORD =
"$HMACSHA512:210000:30f9e0a5470a8bc67f128ca1aae25dd4$88abaca4f442caeff0096ec0f75df2d77cc31a956c564133232f4d2532a72c8d4380a718d5b2a3dccab9e752027eeadd8f9f2c0c624505531bf3a57ec7d08aad"; "$HMACSHA512:210000:30f9e0a5470a8bc67f128ca1aae25dd4$88abaca4f442caeff0096ec0f75df2d77cc31a956c564133232f4d2532a72c8d4380a718d5b2a3dccab9e752027eeadd8f9f2c0c624505531bf3a57ec7d08aad";
/* /*
* This exists so that we can easily check the complexity of how long this takes (ie is the number of iterations we * This exists so that we can easily check the complexity of how long this takes (ie is the number of iterations we
* use correct for the state of CPUs). * use correct for the state of CPUs).
* We do not want to assert that the range < x and > y as that would make the test flaky on overloaded * We do not want to assert that the range < x and > y as that would make the test flaky on overloaded
* or slow hardware, so this is commented out but left for ease of running locally when desired. * or slow hardware, so this is disabled but left for ease of running locally when desired.
*/ */
//@Test @Test
public void timingPBKDF2() { @Disabled
void timingPBKDF2() {
// ignore the salt generation - check just matching.... // ignore the salt generation - check just matching....
PBKDF2PasswordEncoder encoder = new PBKDF2PasswordEncoder(); PBKDF2PasswordEncoder encoder = new PBKDF2PasswordEncoder();
String encoded = encoder.encode("thisIsMyPassword1"); String encoded = encoder.encode("thisIsMyPassword1");
@ -53,13 +54,14 @@ public class HudsonPrivateSecurityRealmTest {
} }
/* /*
* This exists so that we can easily check the complexity of how long this takes (ie is the number of iterations we * This exists so that we can easily check the complexity of how long this takes (ie is the number of iterations we
* use correct for the state of CPUs). * use correct for the state of CPUs).
* We do not want to assert that the range < x and > y as that would make the test flaky on overloaded * We do not want to assert that the range < x and > y as that would make the test flaky on overloaded
* or slow hardware, so this is commented out but left for ease of running locally when desired. * or slow hardware, so this is disabled but left for ease of running locally when desired.
*/ */
//@Test @Test
public void timingJBCrypt() { @Disabled
void timingJBCrypt() {
// ignore the salt generation - check just matching.... // ignore the salt generation - check just matching....
JBCryptEncoder encoder = new JBCryptEncoder(); JBCryptEncoder encoder = new JBCryptEncoder();
String encoded = encoder.encode("thisIsMyPassword1"); String encoded = encoder.encode("thisIsMyPassword1");
@ -111,7 +113,6 @@ public class HudsonPrivateSecurityRealmTest {
assertFalse(encoder.isHashValid( assertFalse(encoder.isHashValid(
"::$sfdfssdf"), "::$sfdfssdf"),
"wrong format"); "wrong format");
} }
@Test @Test
@ -123,7 +124,7 @@ public class HudsonPrivateSecurityRealmTest {
} }
@Test @Test
void passwordPBKDF2WithMissingAgorithm() throws Exception { void passwordPBKDF2WithMissingAlgorithm() throws Exception {
HudsonPrivateSecurityRealm.PBKDF2PasswordEncoder pbkdf2PasswordEncoder = new HudsonPrivateSecurityRealm.PBKDF2PasswordEncoder(); HudsonPrivateSecurityRealm.PBKDF2PasswordEncoder pbkdf2PasswordEncoder = new HudsonPrivateSecurityRealm.PBKDF2PasswordEncoder();
try (var ignored = mockStatic(SecretKeyFactory.class)) { try (var ignored = mockStatic(SecretKeyFactory.class)) {
when(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512")).thenThrow(NoSuchAlgorithmException.class); when(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512")).thenThrow(NoSuchAlgorithmException.class);
@ -157,14 +158,17 @@ public class HudsonPrivateSecurityRealmTest {
} }
@Issue("JENKINS-75533") @Issue("JENKINS-75533")
public void ensureExpectedMessageAscii() { @Test
final IllegalArgumentException ex = Assert.assertThrows(IllegalArgumentException.class, () -> HudsonPrivateSecurityRealm.PASSWORD_HASH_ENCODER.encode("1234567890123456789012345678901234567890123456789012345678901234567890123")); void ensureExpectedMessageAscii() {
final IllegalArgumentException ex = assertThrows(IllegalArgumentException.class, () -> HudsonPrivateSecurityRealm.PASSWORD_HASH_ENCODER.encode(
"1234567890123456789012345678901234567890123456789012345678901234567890123"));
assertThat(ex.getMessage(), is(Messages.HudsonPrivateSecurityRealm_CreateAccount_BCrypt_PasswordTooLong_ASCII())); assertThat(ex.getMessage(), is(Messages.HudsonPrivateSecurityRealm_CreateAccount_BCrypt_PasswordTooLong_ASCII()));
} }
@Issue("JENKINS-75533") @Issue("JENKINS-75533")
public void ensureExpectedMessageEmoji() { @Test
final IllegalArgumentException ex = Assert.assertThrows(IllegalArgumentException.class, () -> HudsonPrivateSecurityRealm.PASSWORD_HASH_ENCODER.encode( void ensureExpectedMessageEmoji() {
final IllegalArgumentException ex = assertThrows(IllegalArgumentException.class, () -> HudsonPrivateSecurityRealm.PASSWORD_HASH_ENCODER.encode(
"\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20" + "\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20" +
"\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20")); // 🤠 "\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20\uD83E\uDD20")); // 🤠
assertThat(ex.getMessage(), is(Messages.HudsonPrivateSecurityRealm_CreateAccount_BCrypt_PasswordTooLong())); assertThat(ex.getMessage(), is(Messages.HudsonPrivateSecurityRealm_CreateAccount_BCrypt_PasswordTooLong()));