public void Constructor_SetsPropertiesBasedOnConfiguration()
{
var appConfigFile = Path.GetTempFileName();
var appConfig = @"<?xml version='1.0'?>
<configuration>
<configSections>
<section name='ensues.security' type='Ensues.Configuration.SecuritySection, Ensues.Security' />
</configSections>
<ensues.security>
<passwordAlgorithm hashFunction='SHA384' hashIterations='654321' compareInConstantTime='false' saltLength='432' />
</ensues.security>
</configuration>
";
File.WriteAllText(appConfigFile, appConfig);
try {
using (AppConfig.Change(appConfigFile)) {
var pa = new PasswordAlgorithm();
Assert.AreEqual(HashFunction.SHA384, pa.HashFunction);
Assert.AreEqual(654321, pa.HashIterations);
Assert.AreEqual(false, pa.CompareInConstantTime);
Assert.AreEqual(432, pa.SaltLength);
}
}
finally {
File.Delete(appConfigFile);
}
}
public void ConfigurePasswordAlgorithm(PasswordAlgorithm passwordAlgorithm) {
if (null == passwordAlgorithm) throw new ArgumentNullException("passwordAlgorithm");
passwordAlgorithm.CompareInConstantTime = CompareInConstantTime;
passwordAlgorithm.HashFunction = HashFunction;
passwordAlgorithm.HashIterations = HashIterations;
passwordAlgorithm.SaltLength = SaltLength;
}
public void Compare_DoesNotUseConstantTimeComparer()
{
var retv = default(bool);
var xstr = default(string);
var ystr = default(string);
var func = new Func <string, string, bool>((x, y) => {
xstr = x;
ystr = y;
return(retv);
});
var mock = new MockConstantTimeComparer {
EqualsProxy = func
};
var algo = new PasswordAlgorithm {
ConstantTimeComparer = mock,
CompareInConstantTime = false
};
var password = "******";
var computed = algo.Compute(password);
retv = false;
Assert.IsTrue(algo.Compare(password, computed));
Assert.IsNull(xstr);
Assert.IsNull(ystr);
}
public void Compute_ComputesEmptyString()
{
var algo = new PasswordAlgorithm();
var comp = algo.Compute("");
Assert.IsFalse(string.IsNullOrWhiteSpace(comp));
}
public void ConstantTimeComparer_IsInstance()
{
var comparer = new PasswordAlgorithm().ConstantTimeComparer;
Assert.IsNotNull(comparer);
Assert.AreEqual(typeof(ConstantTimeComparer), comparer.GetType());
}
public void Compare_ComparesComputedEmptyString()
{
var algo = new PasswordAlgorithm();
var comp = algo.Compute("");
Assert.IsTrue(algo.Compare("", comp));
}
public void Compare_ReturnsFalseForDifferentCase()
{
var algo = new PasswordAlgorithm();
var computed = algo.Compute("different case");
Assert.IsFalse(algo.Compare("different caSe", computed));
}
public void Compare_ReturnsFalseForUnequalStringLengths()
{
var algo = new PasswordAlgorithm();
var computed = algo.Compute("different length");
Assert.IsFalse(algo.Compare("different length ", computed));
}
public void Compare_UsesConstantTimeComparer()
{
var retv = default(bool);
var xstr = default(string);
var ystr = default(string);
var func = new Func <string, string, bool>((x, y) => {
xstr = x;
ystr = y;
return(retv);
});
var mock = new MockConstantTimeComparer {
EqualsProxy = func
};
var algo = new PasswordAlgorithm {
ConstantTimeComparer = mock,
CompareInConstantTime = true
};
foreach (var v in new[] { true, false })
{
retv = v;
var password = "******" + retv;
var computed = algo.Compute(password);
Assert.AreEqual(retv, algo.Compare(password, computed));
Assert.AreEqual(computed, xstr);
Assert.AreEqual(computed, ystr);
}
}
public void Compare_NullPasswordReturnsFalse()
{
var pa = new PasswordAlgorithm();
var cr = pa.Compute("computed result");
Assert.IsFalse(pa.Compare(null, cr));
}
public void Compute_ComputesDifferentResultsForSamePassword()
{
var algo = new PasswordAlgorithm();
var password = "******";
var result1 = algo.Compute(password);
var result2 = algo.Compute(password);
Assert.AreNotEqual(result1, result2);
}
public void ConfigurePasswordAlgorithm(PasswordAlgorithm passwordAlgorithm) {
var element = Section;
if (element != null) {
var elementInformation = element.ElementInformation;
if (elementInformation != null && elementInformation.IsPresent) {
element.ConfigurePasswordAlgorithm(passwordAlgorithm);
}
}
}
public void Compare_WorksAfterHashIterationsIsChanged()
{
var password = "******";
var algo = new PasswordAlgorithm();
var computed = algo.Compute(password);
algo.HashIterations = 999999;
Assert.IsTrue(algo.Compare(password, computed));
}
public void Compare_ReturnsTrueForEqualPasswords()
{
var password = "******";
var algo = new PasswordAlgorithm();
var computed = algo.Compute(password);
Assert.AreNotEqual(password, computed);
Assert.IsTrue(algo.Compare(password, computed));
}
public void Compute_EmptyStringDoesNotThrowException()
{
var ex = default(Exception);
var pa = new PasswordAlgorithm();
try { pa.Compute(string.Empty); }
catch (Exception e) { ex = e; }
Assert.IsNull(ex);
}
public void SaltLength_0Works()
{
var algo = new PasswordAlgorithm();
var password = "******";
algo.SaltLength = 0;
var computedResult = algo.Compute(password);
Assert.IsTrue(algo.Compare(password, computedResult));
}
public void CompareInConstantTime_CanBeSet()
{
var algo = new PasswordAlgorithm();
foreach (var b in new[] { true, false, true })
{
algo.CompareInConstantTime = b;
Assert.AreEqual(b, algo.CompareInConstantTime);
}
}
public void Compare_WorksAfterSaltLengthIsChanged()
{
var password = "******";
var algo = new PasswordAlgorithm {
SaltLength = 8
};
var computed = algo.Compute(password);
algo.SaltLength = 88;
Assert.IsTrue(algo.Compare(password, computed));
}
public void HashIterations_ChangesComputedResult()
{
var algo = new PasswordAlgorithm();
var password = "******";
var results = Enumerable.Range(0, 10).Select(i => {
algo.HashIterations = i;
return(algo.Compute(password));
})
.ToList();
Assert.AreEqual(results.Count(), results.Distinct().Count());
}
public void HashFunction_CanBeSet()
{
var algo = new PasswordAlgorithm();
var values = Enum.GetValues(typeof(HashFunction)).Cast <HashFunction>().ToList();
Assert.AreNotEqual(0, values.Count());
foreach (var value in values)
{
algo.HashFunction = value;
Assert.AreEqual(value, algo.HashFunction);
}
}
public void HashIterations_ThrowsExceptionIfLessThan0()
{
var algo = new PasswordAlgorithm();
try {
algo.HashIterations = -1;
Assert.Fail();
}
catch (ArgumentOutOfRangeException ex) {
Assert.AreEqual("HashIterations", ex.ParamName);
}
}
public void Compute_SHA512Creates120CharacterComputation()
{
var algo = new PasswordAlgorithm();
algo.HashFunction = HashFunction.SHA512;
foreach (var password in new[] { "", "1234", "password", "asdf1234JKL:", "qwertyuiopasdfghjklzxcvbnm!@#$%^&*()\r\n\t " })
{
var comp = algo.Compute(password);
Assert.AreEqual(120, comp.Length);
Assert.IsTrue(algo.Compare(password, comp));
}
}
public void SaltLength_ThrowsExceptionIfLessThan0()
{
var algo = new PasswordAlgorithm();
try {
algo.SaltLength = -1;
Assert.Fail();
}
catch (ArgumentOutOfRangeException ex) {
Assert.AreEqual("SaltLength", ex.ParamName);
}
}
public void Compute_NullThrowsException()
{
var ex = default(Exception);
var pa = new PasswordAlgorithm();
try {
pa.Compute(null);
}
catch (Exception e) {
ex = e;
}
Assert.IsNotNull(ex);
}
public void Compare_ComputedResultThatWasNotComputedThrowsException()
{
var pa = new PasswordAlgorithm();
var ex = default(Exception);
try {
pa.Compare("plain text", "not computed");
}
catch (Exception e) {
ex = e;
}
Assert.IsNotNull(ex);
}
public void Compare_WorksForLongPasswords()
{
var password = Enumerable
.Range(0, 100)
.Select(_ => "abcdefghijklmnopqrstuvwxyz0123456789")
.Aggregate((s1, s2) => s1 + s2 + "ABCDEFGHIJKLMNOPQRSTUVWXYZ");
var algo = new PasswordAlgorithm();
var computed = algo.Compute(password);
Assert.IsTrue(algo.Compare(password, computed));
var incorrectPassword = password.Remove(0, 1);
Assert.IsFalse(algo.Compare(incorrectPassword, computed));
}
public void Compare_EmptyPasswordDoesNotThrowException()
{
var pa = new PasswordAlgorithm();
var cr = pa.Compute("password");
var ex1 = default(Exception);
try {
pa.Compare(string.Empty, cr);
}
catch (Exception ex) {
ex1 = ex;
}
Assert.IsNull(ex1);
}
public void Computed_ThrowsArgumentNullException()
{
var algo = new PasswordAlgorithm();
var exception = default(ArgumentNullException);
try {
algo.Compute(null);
}
catch (ArgumentNullException ex) {
exception = ex;
}
Assert.IsNotNull(exception);
Assert.AreEqual("password", exception.ParamName);
}
public void Constructor_UsesDefaultsIfSectionDoesNotExistInAppConfig()
{
var appConfig = @"<?xml version='1.0'?>
<configuration>
</configuration>
";
using (AppConfig.With(appConfig)) {
var algo = new PasswordAlgorithm();
Assert.AreEqual(HashFunction.SHA256, algo.HashFunction);
Assert.AreEqual(1000, algo.HashIterations);
Assert.AreEqual(true, algo.CompareInConstantTime);
Assert.AreEqual(16, algo.SaltLength);
}
}
public void Compute_ThrowsExceptionIfHashFunctionIsInvalid()
{
var algo = new PasswordAlgorithm();
var invalid = Enum.GetValues(typeof(HashFunction)).Cast <short>().Max() + 1;
algo.HashFunction = (HashFunction)invalid;
var exception = default(Exception);
try {
algo.Compute("password");
}
catch (Exception ex) {
exception = ex;
}
Assert.IsNotNull(exception);
}
public void Compute_CreatesDifferentResultsWithDifferentHashFunctions()
{
var algo = new PasswordAlgorithm();
var password = "******";
algo.HashFunction = HashFunction.SHA256;
var sha256Result = algo.Compute(password);
algo.HashFunction = HashFunction.SHA384;
var sha384Result = algo.Compute(password);
algo.HashFunction = HashFunction.SHA512;
var sha512Result = algo.Compute(password);
Assert.IsTrue(sha384Result.Length > sha256Result.Length);
Assert.IsTrue(sha512Result.Length > sha384Result.Length);
}
public void Compare_WorksWithAllHashFunctions()
{
var algo = new PasswordAlgorithm();
var computedResults = Enum.GetValues(typeof(HashFunction))
.Cast <HashFunction>()
.Select(hashFunction => {
algo.HashFunction = hashFunction;
return(algo.Compute("Here's the password: "******"Here's the password: "******"here's the password: "******"Here's the password:", computedResult));
}
}
public void ConfigurePasswordAlgorithm_ConfiguresInstance() {
var appConfig = @"<?xml version='1.0'?>
<configuration>
<configSections>
<section name='ensues.security' type='Ensues.Configuration.SecuritySection, Ensues.Security' />
</configSections>
<ensues.security>
<passwordAlgorithm hashFunction='SHA384' hashIterations='123456' compareInConstantTime='false' saltLength='321' />
<passwordGenerator length='100' symbols='abcdefghijklmnopqrstuvwxyz' />
</ensues.security>
</configuration>
";
using (AppConfig.With(appConfig)) {
var algo = new PasswordAlgorithm();
SecurityConfiguration.Default.ConfigurePasswordAlgorithm(algo);
Assert.AreEqual(HashFunction.SHA384, algo.HashFunction);
Assert.AreEqual(123456, algo.HashIterations);
Assert.AreEqual(false, algo.CompareInConstantTime);
Assert.AreEqual(321, algo.SaltLength);
}
}
