HTTPCLIENT-1106: Use character arrays for passwords in Credentials objects, not Strings

Remove leftovers of contructors and tests accepting passwords as strings git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1696585 13f79535-47bb-0310-9956-ffa450edef68
2015-08-19 13:29:56 +00:00 · 2015-08-19 13:29:56 +00:00 · 8c17af907a
parent c959fd3967
commit 8c17af907a
6 changed files with 23 additions and 96 deletions
--- a/httpclient/src/main/java/org/apache/http/auth/NTCredentials.java
+++ b/httpclient/src/main/java/org/apache/http/auth/NTCredentials.java
@ -57,42 +57,10 @@ public class NTCredentials implements Credentials, Serializable {
    /** The netbios domain the authentication request is against */
    private final String netbiosDomain;

-    /**
-     * The constructor with the fully qualified username and password combined
-     * string argument.
-     *
-     * @param usernamePassword the domain/username:password formed string
-     */
-    public NTCredentials(final String usernamePassword) {
-        super();
-        Args.notNull(usernamePassword, "Username:password string");
-        final String username;
-        final int atColon = usernamePassword.indexOf(':');
-        if (atColon >= 0) {
-            username = usernamePassword.substring(0, atColon);
-            this.password = usernamePassword.substring(atColon + 1).toCharArray();
-        } else {
-            username = usernamePassword;
-            this.password = null;
-        }
-        final int atSlash = username.indexOf('/');
-        if (atSlash >= 0) {
-            this.principal = new NTUserPrincipal(
-                    username.substring(0, atSlash).toUpperCase(Locale.ROOT),
-                    username.substring(atSlash + 1));
-        } else {
-            this.principal = new NTUserPrincipal(
-                    null,
-                    username.substring(atSlash + 1));
-        }
-        this.workstation = null;
-        this.netbiosDomain = null;
-    }
-
    /**
     * Constructor.
     * @param userName The user name.  This should not include the domain to authenticate with.
-     * For example: "user" is correct whereas "DOMAIN\\user" is not.
+     * For example: "user" is correct whereas "DOMAIN&#x5c;user" is not.
     * @param password The password.
     * @param workstation The workstation the authentication request is originating from.
     * Essentially, the computer name for this machine.
@ -109,7 +77,7 @@ public class NTCredentials implements Credentials, Serializable {
    /**
     * Constructor.
     * @param userName The user name.  This should not include the domain to authenticate with.
-     * For example: "user" is correct whereas "DOMAIN\\user" is not.
+     * For example: "user" is correct whereas "DOMAIN&#x5c;user" is not.
     * @param password The password.
     * @param workstation The netbios workstation name that the authentication request is originating from.
     * Essentially, the computer name for this machine.
--- a/httpclient/src/main/java/org/apache/http/auth/UsernamePasswordCredentials.java
+++ b/httpclient/src/main/java/org/apache/http/auth/UsernamePasswordCredentials.java
@ -47,26 +47,6 @@ public class UsernamePasswordCredentials implements Credentials, Serializable {
    private final BasicUserPrincipal principal;
    private final char[] password;

-    /**
-     * The constructor with the username and password combined string argument.
-     *
-     * @param usernamePassword the username:password formed string
-     * @see #toString
-     */
-    public UsernamePasswordCredentials(final String usernamePassword) {
-        super();
-        Args.notNull(usernamePassword, "Username:password string");
-        final int atColon = usernamePassword.indexOf(':');
-        if (atColon >= 0) {
-            this.principal = new BasicUserPrincipal(usernamePassword.substring(0, atColon));
-            this.password = usernamePassword.substring(atColon + 1).toCharArray();
-        } else {
-            this.principal = new BasicUserPrincipal(usernamePassword);
-            this.password = null;
-        }
-    }
-
-
    /**
     * The constructor with the username and password arguments.
     *
--- a/httpclient/src/main/java/org/apache/http/impl/execchain/ProtocolExec.java
+++ b/httpclient/src/main/java/org/apache/http/impl/execchain/ProtocolExec.java
@ -144,9 +144,19 @@ public class ProtocolExec implements ClientExecChain {
            if (userinfo != null) {
                final CredentialsProvider credsProvider = context.getCredentialsProvider();
                if (credsProvider instanceof CredentialsStore) {
+                    final int atColon = userinfo.indexOf(':');
+                    final String userName;
+                    final char[] password;
+                    if (atColon >= 0) {
+                        userName = userinfo.substring(0, atColon);
+                        password = userinfo.substring(atColon + 1).toCharArray();
+                    } else {
+                        userName = userinfo.substring(0, atColon);
+                        password = null;
+                    }
                    ((CredentialsStore) credsProvider).setCredentials(
                            new AuthScope(target),
-                            new UsernamePasswordCredentials(userinfo));
+                            new UsernamePasswordCredentials(userName, password));
                }
            }
        }
--- a/httpclient/src/test/java/org/apache/http/auth/TestCredentials.java
+++ b/httpclient/src/test/java/org/apache/http/auth/TestCredentials.java
@ -47,19 +47,12 @@ public class TestCredentials {
        Assert.assertArrayEquals("pwd".toCharArray(), creds1.getPassword());
        Assert.assertEquals("[principal: name]", creds1.toString());
        final UsernamePasswordCredentials creds2 = new UsernamePasswordCredentials(
-                "name:pwd");
+            "name", null);
        Assert.assertEquals("name", creds2.getUserName());
        Assert.assertEquals(new BasicUserPrincipal("name"),
                creds2.getUserPrincipal());
-        Assert.assertArrayEquals("pwd".toCharArray(), creds2.getPassword());
+        Assert.assertEquals(null, creds2.getPassword());
        Assert.assertEquals("[principal: name]", creds2.toString());
-        final UsernamePasswordCredentials creds3 = new UsernamePasswordCredentials(
-            "name");
-        Assert.assertEquals("name", creds3.getUserName());
-        Assert.assertEquals(new BasicUserPrincipal("name"),
-                creds3.getUserPrincipal());
-        Assert.assertEquals(null, creds3.getPassword());
-        Assert.assertEquals("[principal: name]", creds3.toString());
    }

    @Test
@ -80,30 +73,6 @@ public class TestCredentials {
        Assert.assertEquals(null, creds2.getPassword());
        Assert.assertEquals("[principal: name][workstation: null][netbiosDomain: null]",
                creds2.toString());
-        final NTCredentials creds3 = new NTCredentials(
-                "domain/name:pwd");
-        Assert.assertEquals("name", creds3.getUserName());
-        Assert.assertEquals(new NTUserPrincipal("DOMAIN", "name"),
-                creds3.getUserPrincipal());
-        Assert.assertArrayEquals("pwd".toCharArray(), creds3.getPassword());
-        Assert.assertEquals("[principal: DOMAIN\\name][workstation: null][netbiosDomain: null]",
-                creds3.toString());
-        final NTCredentials creds4 = new NTCredentials(
-            "domain/name");
-        Assert.assertEquals("name", creds4.getUserName());
-        Assert.assertEquals(new NTUserPrincipal("DOMAIN", "name"),
-                creds4.getUserPrincipal());
-        Assert.assertEquals(null, creds4.getPassword());
-        Assert.assertEquals("[principal: DOMAIN\\name][workstation: null][netbiosDomain: null]",
-                creds4.toString());
-        final NTCredentials creds5 = new NTCredentials(
-            "name");
-        Assert.assertEquals("name", creds5.getUserName());
-        Assert.assertEquals(new NTUserPrincipal(null, "name"),
-                creds5.getUserPrincipal());
-        Assert.assertEquals(null, creds5.getPassword());
-        Assert.assertEquals("[principal: name][workstation: null][netbiosDomain: null]",
-                creds5.toString());
    }

    @Test
--- a/httpclient/src/test/java/org/apache/http/impl/auth/TestHttpAuthenticator.java
+++ b/httpclient/src/test/java/org/apache/http/impl/auth/TestHttpAuthenticator.java
@ -159,7 +159,7 @@ public class TestHttpAuthenticator {
        response.addHeader(new BasicHeader(HttpHeaders.WWW_AUTHENTICATE, "Digest realm=\"realm1\", nonce=\"1234\""));
        response.addHeader(new BasicHeader(HttpHeaders.WWW_AUTHENTICATE, "whatever realm=\"realm1\", stuff=\"1234\""));

-        final Credentials credentials = new UsernamePasswordCredentials("user:pass");
+        final Credentials credentials = new UsernamePasswordCredentials("user", "pass".toCharArray());
        Mockito.when(this.credentialsProvider.getCredentials(Mockito.<AuthScope>any())).thenReturn(credentials);

        final DefaultAuthenticationStrategy authStrategy = new DefaultAuthenticationStrategy();
@ -186,7 +186,7 @@ public class TestHttpAuthenticator {
        response.addHeader(new BasicHeader(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"test\""));
        response.addHeader(new BasicHeader(HttpHeaders.WWW_AUTHENTICATE, "Digest realm=\"realm1\", nonce=\"1234\""));

-        final Credentials credentials = new UsernamePasswordCredentials("user:pass");
+        final Credentials credentials = new UsernamePasswordCredentials("user", "pass".toCharArray());
        Mockito.when(this.credentialsProvider.getCredentials(new AuthScope(host, "test", "basic"))).thenReturn(credentials);

        final DefaultAuthenticationStrategy authStrategy = new DefaultAuthenticationStrategy();
@ -321,7 +321,7 @@ public class TestHttpAuthenticator {
        response.addHeader(new BasicHeader(HttpHeaders.WWW_AUTHENTICATE, "Digest realm=\"realm1\", nonce=\"1234\""));
        response.addHeader(new BasicHeader(HttpHeaders.WWW_AUTHENTICATE, "whatever realm=\"realm1\", stuff=\"1234\""));

-        final Credentials credentials = new UsernamePasswordCredentials("user:pass");
+        final Credentials credentials = new UsernamePasswordCredentials("user", "pass".toCharArray());
        Mockito.when(this.credentialsProvider.getCredentials(new AuthScope(host, "realm1", "digest"))).thenReturn(credentials);

        final DefaultAuthenticationStrategy authStrategy = new DefaultAuthenticationStrategy();
--- a/httpclient/src/test/java/org/apache/http/impl/execchain/TestMainClientExec.java
+++ b/httpclient/src/test/java/org/apache/http/impl/execchain/TestMainClientExec.java
@ -394,7 +394,7 @@ public class TestMainClientExec {
                .build());

        final BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
-        credentialsProvider.setCredentials(new AuthScope(target), new UsernamePasswordCredentials("user:pass"));
+        credentialsProvider.setCredentials(new AuthScope(target), new UsernamePasswordCredentials("user", "pass".toCharArray()));
        context.setCredentialsProvider(credentialsProvider);

        Mockito.when(managedConn.isOpen()).thenReturn(Boolean.TRUE);
@ -445,7 +445,7 @@ public class TestMainClientExec {
        context.setAuthExchange(proxy, proxyAuthExchange);

        final BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
-        credentialsProvider.setCredentials(new AuthScope(target), new UsernamePasswordCredentials("user:pass"));
+        credentialsProvider.setCredentials(new AuthScope(target), new UsernamePasswordCredentials("user", "pass".toCharArray()));
        context.setCredentialsProvider(credentialsProvider);

        Mockito.when(managedConn.isOpen()).thenReturn(Boolean.TRUE);
@ -493,7 +493,7 @@ public class TestMainClientExec {
                .build());

        final BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
-        credentialsProvider.setCredentials(new AuthScope(target), new UsernamePasswordCredentials("user:pass"));
+        credentialsProvider.setCredentials(new AuthScope(target), new UsernamePasswordCredentials("user", "pass".toCharArray()));
        context.setCredentialsProvider(credentialsProvider);

        Mockito.when(managedConn.isOpen()).thenReturn(Boolean.TRUE);
@ -715,7 +715,7 @@ public class TestMainClientExec {
        final HttpResponse response2 = new BasicHttpResponse(HttpVersion.HTTP_1_1, 200, "OK");

        final BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
-        credentialsProvider.setCredentials(new AuthScope(proxy), new UsernamePasswordCredentials("user:pass"));
+        credentialsProvider.setCredentials(new AuthScope(proxy), new UsernamePasswordCredentials("user", "pass".toCharArray()));
        context.setCredentialsProvider(credentialsProvider);

        Mockito.when(managedConn.isOpen()).thenReturn(Boolean.TRUE);
@ -753,7 +753,7 @@ public class TestMainClientExec {
        final HttpResponse response2 = new BasicHttpResponse(HttpVersion.HTTP_1_1, 200, "OK");

        final BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
-        credentialsProvider.setCredentials(new AuthScope(proxy), new UsernamePasswordCredentials("user:pass"));
+        credentialsProvider.setCredentials(new AuthScope(proxy), new UsernamePasswordCredentials("user", "pass".toCharArray()));
        context.setCredentialsProvider(credentialsProvider);

        Mockito.when(managedConn.isOpen()).thenReturn(Boolean.TRUE);