changeset 1048:0b0971546a00

PgSqlLoginFilter - in progress
author Devel 1
date Tue, 14 Apr 2020 15:45:01 +0200
parents 701a034a0fe0
children 0edcfd3d256d
files stress-tester/src/main/java/com/passus/st/client/pgsql/filter/PgSqlFilter.java stress-tester/src/main/java/com/passus/st/client/pgsql/filter/PgSqlLoginFilter.java stress-tester/src/test/java/com/passus/st/client/pgsql/filter/PgSqlFilterTest.java stress-tester/src/test/java/com/passus/st/client/pgsql/filter/PgSqlLoginFilterTest.java
diffstat 4 files changed, 91 insertions(+), 80 deletions(-) [+]
--- a/stress-tester/src/main/java/com/passus/st/client/pgsql/filter/PgSqlFilter.java	Tue Apr 14 15:30:38 2020 +0200
+++ b/stress-tester/src/main/java/com/passus/st/client/pgsql/filter/PgSqlFilter.java	Tue Apr 14 15:45:01 2020 +0200
@@ -3,8 +3,6 @@
 import com.passus.net.pgsql.PgSqlMessage;
 import com.passus.st.client.FlowContext;
 import com.passus.st.filter.FlowFilter;
-import static com.passus.st.utils.HashUtils.*;
-import java.security.MessageDigest;
 
 /**
  *
@@ -35,35 +33,4 @@
     public int filterOutbound(PgSqlMessage req, Object resp, FlowContext context) {
         return DUNNO;
     }
-
-    //MD5(MD5(password + user) + salt)
-    public static byte[] hashMD5(byte[] user, byte[] password, byte[] salt) {
-        MessageDigest md5 = getMD5();
-        byte[] hexes = new byte[35];
-        byte[] digest;
-
-        md5.update(password);
-        md5.update(user);
-        digest = md5.digest();
-        bytesToHex(digest, hexes, 0);
-
-        md5.update(hexes, 0, 32);
-        md5.update(salt);
-        digest = md5.digest();
-
-        hexes[0] = (byte) 'm';
-        hexes[1] = (byte) 'd';
-        hexes[2] = (byte) '5';
-        bytesToHex(digest, hexes, 3);
-
-        return hexes;
-    }
-
-    private static void bytesToHex(byte[] bytes, byte[] hex, int offset) {
-        for (int i = 0; i < 16; i++) {
-            int c = bytes[i] & 0xff;
-            hex[offset++] = (byte) HEX_L[(c >> 4)];
-            hex[offset++] = (byte) HEX_L[(c & 0xf)];
-        }
-    }
 }
--- a/stress-tester/src/main/java/com/passus/st/client/pgsql/filter/PgSqlLoginFilter.java	Tue Apr 14 15:30:38 2020 +0200
+++ b/stress-tester/src/main/java/com/passus/st/client/pgsql/filter/PgSqlLoginFilter.java	Tue Apr 14 15:45:01 2020 +0200
@@ -4,7 +4,12 @@
 import com.passus.net.pgsql.PgSqlMessage;
 import com.passus.net.pgsql.PgSqlPasswordMessage;
 import com.passus.st.client.FlowContext;
+import com.passus.st.client.credentials.Credentials;
 import com.passus.st.client.credentials.CredentialsProvider;
+import static com.passus.st.utils.HashUtils.HEX_L;
+import static com.passus.st.utils.HashUtils.getMD5;
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
@@ -15,7 +20,7 @@
 public class PgSqlLoginFilter extends PgSqlFilter {
 
     private static final Logger LOGGER = LogManager.getLogger(PgSqlLoginFilter.class);
-    
+
     protected CredentialsProvider credentialsProvider; // init, clone
 
     @Override
@@ -28,18 +33,7 @@
         if (resp instanceof PgSqlAuthRequestMessage) {
             PgSqlAuthRequestMessage authReq = (PgSqlAuthRequestMessage) resp;
             PgSqlAuthRequestMessage.AuthType authType = authReq.getAuthType();
-            switch (authType) {
-                case PLAINTEXT:
-                    break;
-                case MD5:
-                    break;
-                case CRYPTED:
-                    break;
-                default:
-                    if (LOGGER.isDebugEnabled()) {
-                        LOGGER.debug("Unsupported auth type: " + authType);
-                    }
-            }
+            context.setParam("authType", authType);
         }
         return DUNNO;
     }
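Review bot: Only the auth type is stored in the flow context in this branch, so the salt carried by the server's MD5 auth request never reaches the outbound side. In the next hunk `filterOutbound` hashes with `byte[] salt = new byte[4];`, an all-zero array, so the computed `md5…` response will not match a real server challenge. I would store the salt next to the auth type here, for example `context.setParam("authSalt", <salt from authReq>);` (the key name is only a suggestion and the accessor on PgSqlAuthRequestMessage is not visible in this diff), and read it back in `filterOutbound` instead of allocating a fresh array. The enclosing method starts above this hunk.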
@@ -48,23 +42,70 @@
     public int filterOutbound(PgSqlMessage req, Object resp, FlowContext context) {
         if (req instanceof PgSqlPasswordMessage) {
             PgSqlPasswordMessage passwordReq = (PgSqlPasswordMessage) req;
-            PgSqlAuthRequestMessage.AuthType authType =  context.getParamValue("authType");
+            PgSqlAuthRequestMessage.AuthType authType = context.getParamValue("authType");
 
-            /*
+            byte[] salt = new byte[4];
+            CredentialsProvider.ProviderContext pc = null;
+            Credentials credentials = getCredentials(pc);
+            String password = credentials.getPassword();
+            String user = credentials.getUser();
+
             switch (authType) {
-            case PLAINTEXT:
-            break;
-            case MD5:
-            break;
-            case CRYPTED:
-            break;
-            default:
-            if (LOGGER.isDebugEnabled()) {
-            LOGGER.debug("Unsupported auth type: " + authType);
+                case PLAINTEXT:
+                    passwordReq.setPassword(password);
+                    break;
+                case MD5:
+                    String hashMD5 = hashMD5(user, password, salt);
+                    passwordReq.setPassword(hashMD5);
+                    break;
+                default:
+                    if (LOGGER.isDebugEnabled()) {
+                        LOGGER.debug("Unsupported auth type: " + authType);
+                    }
             }
-             */
+
         }
         return DUNNO;
     }
 
+    protected Credentials getCredentials(CredentialsProvider.ProviderContext context) {
+        return credentialsProvider == null ? null : credentialsProvider.getCredentials(context);
+    }
+
+    public static String hashMD5(String user, String password, byte[] salt) {
+        byte[] hash = hashMD5(user.getBytes(StandardCharsets.UTF_8), password.getBytes(StandardCharsets.UTF_8), salt);
+        return new String(hash, StandardCharsets.US_ASCII);
+    }
+
+    //MD5(MD5(password + user) + salt)
+    public static byte[] hashMD5(byte[] user, byte[] password, byte[] salt) {
+        MessageDigest md5 = getMD5();
+        byte[] hexes = new byte[35];
+        byte[] digest;
+
+        md5.update(password);
+        md5.update(user);
+        digest = md5.digest();
+        bytesToHex(digest, hexes, 0);
+
+        md5.update(hexes, 0, 32);
+        md5.update(salt);
+        digest = md5.digest();
+
+        hexes[0] = (byte) 'm';
+        hexes[1] = (byte) 'd';
+        hexes[2] = (byte) '5';
+        bytesToHex(digest, hexes, 3);
+
+        return hexes;
+    }
+
+    private static void bytesToHex(byte[] bytes, byte[] hex, int offset) {
+        for (int i = 0; i < 16; i++) {
+            int c = bytes[i] & 0xff;
+            hex[offset++] = (byte) HEX_L[(c >> 4)];
+            hex[offset++] = (byte) HEX_L[(c & 0xf)];
+        }
+    }
+
 }
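Review bot: `filterOutbound` dereferences `credentials` and switches on `authType` without a null check. `getCredentials` returns null when `credentialsProvider` is null, and `context.getParamValue("authType")` is presumably null when no auth request was seen on the flow; either case throws a NullPointerException inside the filter. A guard before the switch, such as `if (credentials == null || authType == null) { return DUNNO; }`, would pass the original password message through unchanged. It would also help to add a comment on `hashMD5` saying MD5 is used only because the PostgreSQL md5 auth method prescribes it, and a line noting that CRYPTED now falls into the debug-only default on purpose.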
--- a/stress-tester/src/test/java/com/passus/st/client/pgsql/filter/PgSqlFilterTest.java	Tue Apr 14 15:30:38 2020 +0200
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-package com.passus.st.client.pgsql.filter;
-
-import java.nio.charset.StandardCharsets;
-import static org.testng.AssertJUnit.*;
-import org.testng.annotations.Test;
-
-/**
- *
- * @author mikolaj.podbielski
- */
-public class PgSqlFilterTest {
-
-    @Test
-    public void testHashMD5() {
-        byte[] user = "user124".getBytes(StandardCharsets.US_ASCII);
-        byte[] pass = "password124".getBytes(StandardCharsets.US_ASCII);
-        byte[] salt = {(byte) 0xc7, (byte) 0x23, (byte) 0x3a, (byte) 0x02};
-        byte[] md5 = PgSqlFilter.hashMD5(user, pass, salt);
-        assertEquals("md5742406fe1f3ccb09922647b3554ba223", new String(md5, StandardCharsets.US_ASCII));
-    }
-
-}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/stress-tester/src/test/java/com/passus/st/client/pgsql/filter/PgSqlLoginFilterTest.java	Tue Apr 14 15:45:01 2020 +0200
@@ -0,0 +1,25 @@
+package com.passus.st.client.pgsql.filter;
+
+import static org.testng.AssertJUnit.*;
+import org.testng.annotations.Test;
+
+/**
+ *
+ * @author mikolaj.podbielski
+ */
+public class PgSqlLoginFilterTest {
+
+    @Test
+    public void testHashMD5() {
+        // pgsql11_login_md5.pcap
+        byte[] salt = {(byte) 0xc7, (byte) 0x23, (byte) 0x3a, (byte) 0x02};
+        String md5 = PgSqlLoginFilter.hashMD5("user124", "password124", salt);
+        assertEquals("md5742406fe1f3ccb09922647b3554ba223", md5);
+        
+        // pgsql_md5_auth_success.pcap frames 21 22
+        salt = new byte[] {(byte) 0xb5, (byte) 0x80, (byte) 0x96, (byte) 0xef};
+        md5 = PgSqlLoginFilter.hashMD5("test", "qwerty", salt);
+        assertEquals("md5c56f914e6ccb0153337ca45ae15471a4", md5);
+    }
+
+}
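Review bot: Both vectors exercise only the static `hashMD5` helper with ASCII input, so nothing here covers the `filterInbound` to `filterOutbound` path where the auth type and salt travel through the flow context. A test that feeds an MD5 auth request and then a password message through the filter, asserting the same `md5742406fe1f3ccb09922647b3554ba223` value, would catch a wrong salt. A vector with a non-ASCII user or password would also pin the UTF-8 choice made in `hashMD5(String, String, byte[])`.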