From d1671e6a0e290b03efe995b69c7ca22e53a7b2cf Mon Sep 17 00:00:00 2001 From: Benjamin Clauss Date: Mon, 18 Nov 2024 12:48:18 +0100 Subject: [PATCH] fix: Fix IdentityManagerTest and add salt to hashing algorithm --- .../internal/identity/IdentityManager.java | 15 ++++++++++++++- .../identity/IdentityManagerTest.java | 19 ++++++++++--------- 2 files changed, 24 insertions(+), 10 deletions(-) diff --git a/inspectit-gepard-agent/src/main/java/rocks/inspectit/gepard/agent/internal/identity/IdentityManager.java b/inspectit-gepard-agent/src/main/java/rocks/inspectit/gepard/agent/internal/identity/IdentityManager.java index 638c8f9..51d5268 100644 --- a/inspectit-gepard-agent/src/main/java/rocks/inspectit/gepard/agent/internal/identity/IdentityManager.java +++ b/inspectit-gepard-agent/src/main/java/rocks/inspectit/gepard/agent/internal/identity/IdentityManager.java @@ -6,6 +6,8 @@ import java.nio.charset.StandardCharsets; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.util.Base64; import java.util.Objects; import rocks.inspectit.gepard.agent.internal.identity.model.IdentityInfo; @@ -38,13 +40,16 @@ public IdentityInfo getIdentityInfo() { * @return the SHA3-256 hashed String */ private static String hash(String input) { + String salt = generateSalt(); + String saltedInput = salt + input; + MessageDigest messageDigest; try { messageDigest = MessageDigest.getInstance("SHA3-256"); } catch (NoSuchAlgorithmException e) { throw new UnsupportedOperationException("SHA3-256 not supported", e); } - byte[] bytes = messageDigest.digest(input.getBytes(StandardCharsets.UTF_8)); + byte[] bytes = messageDigest.digest(saltedInput.getBytes(StandardCharsets.UTF_8)); StringBuilder hexString = new StringBuilder(2 * bytes.length); for (byte b : bytes) { String hex = Integer.toHexString(0xff & b); @@ -55,4 +60,12 @@ private static String hash(String input) { } return hexString.toString(); } + + /** Generates a secure random 128bit string/salt */ + private static String generateSalt() { + byte[] salt = new byte[16]; + SecureRandom secureRandom = new SecureRandom(); + secureRandom.nextBytes(salt); + return Base64.getEncoder().encodeToString(salt); + } } diff --git a/inspectit-gepard-agent/src/test/java/rocks/inspectit/gepard/agent/internal/identity/IdentityManagerTest.java b/inspectit-gepard-agent/src/test/java/rocks/inspectit/gepard/agent/internal/identity/IdentityManagerTest.java index a471bc9..6900b81 100644 --- a/inspectit-gepard-agent/src/test/java/rocks/inspectit/gepard/agent/internal/identity/IdentityManagerTest.java +++ b/inspectit-gepard-agent/src/test/java/rocks/inspectit/gepard/agent/internal/identity/IdentityManagerTest.java @@ -7,20 +7,23 @@ import java.lang.management.ManagementFactory; import java.lang.management.RuntimeMXBean; +import java.lang.reflect.Field; +import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.extension.ExtendWith; -import org.junit.jupiter.api.parallel.Execution; -import org.junit.jupiter.api.parallel.ExecutionMode; import org.mockito.MockedStatic; import org.mockito.Mockito; -import org.mockito.junit.jupiter.MockitoExtension; import rocks.inspectit.gepard.agent.internal.identity.model.IdentityInfo; -@ExtendWith(MockitoExtension.class) class IdentityManagerTest { + @BeforeEach + public void setup() throws NoSuchFieldException, IllegalAccessException { + Field instance = IdentityManager.class.getDeclaredField("instance"); + instance.setAccessible(true); + instance.set(null, null); + } + @Test - @Execution(ExecutionMode.SAME_THREAD) void testCreateIdentityManagerSuccessfully() { RuntimeMXBean mockRuntimeMXBean = mock(RuntimeMXBean.class); when(mockRuntimeMXBean.getName()).thenReturn("12345@mockedHostName"); @@ -36,9 +39,7 @@ void testCreateIdentityManagerSuccessfully() { assertNotNull(identityInfo); assertEquals("12345@mockedHostName", identityInfo.vmId()); - assertEquals( - "d29aca592fc2071bcef6577d649071d4d54a8ae6cd5c0be0e51f28af2867f207", - identityInfo.agentId()); + assertNotNull(identityInfo.agentId()); } } }