Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix for the default password max length (as per the 1.6 spec) and other minor changes #345

Merged
merged 5 commits into from
Apr 28, 2024
Merged

Fix for the default password max length (as per the 1.6 spec) and other minor changes #345

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
14d60bc
Update gson due to reported vulnerability.
Apr 20, 2024
953f50b
A single instace, otherwise a static get() method makes no sense.
Apr 24, 2024
f7b92a3
Recommended by 1.6 spec is a 20 byte (40 chars) key.
Apr 24, 2024
cf20205
Fix password decoding.
Apr 24, 2024
fb5d0fb
More password fixes.
Apr 24, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion OCPP-J/build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@

dependencies {
compile project(':common')
compile 'com.google.code.gson:gson:2.8.0'
compile 'com.google.code.gson:gson:2.8.9'
compile 'org.java-websocket:Java-WebSocket:1.5.3'
testCompile 'junit:junit:4.13.2'
testCompile 'org.mockito:mockito-core:4.11.0'
Expand Down
4 changes: 3 additions & 1 deletion OCPP-J/src/main/java/eu/chargetime/ocpp/JSONConfiguration.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,8 +49,10 @@ public class JSONConfiguration {

private JSONConfiguration() {}

private static final JSONConfiguration instance = new JSONConfiguration();

public static JSONConfiguration get() {
return new JSONConfiguration();
return instance;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

API breaking change. Instead of getting a default configuration, you now get whatever configuration the last library user left behind.

}

public <T> JSONConfiguration setParameter(String name, T value) {
Expand Down
10 changes: 5 additions & 5 deletions OCPP-J/src/main/java/eu/chargetime/ocpp/WebSocketListener.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ public class WebSocketListener implements Listener {
private static final int TIMEOUT_IN_MILLIS = 10000;

private static final int OCPPJ_CP_MIN_PASSWORD_LENGTH = 16;
private static final int OCPPJ_CP_MAX_PASSWORD_LENGTH = 20;
private static final int OCPPJ_CP_MAX_PASSWORD_LENGTH = 40;

private static final String HTTP_HEADER_PROXIED_ADDRESS = "X-Forwarded-For";

Expand Down Expand Up @@ -146,7 +146,7 @@ public ServerHandshakeBuilder onWebsocketHandshakeReceivedAsServer(
.build();

String username = null;
byte[] password = null;
String password = null;
if (clientHandshake.hasFieldValue("Authorization")) {
String authorization = clientHandshake.getFieldValue("Authorization");
if (authorization != null && authorization.toLowerCase().startsWith("basic")) {
Expand All @@ -159,15 +159,15 @@ public ServerHandshakeBuilder onWebsocketHandshakeReceivedAsServer(
username =
new String(Arrays.copyOfRange(credDecoded, 0, i), StandardCharsets.UTF_8);
if (i + 1 < credDecoded.length) {
password = Arrays.copyOfRange(credDecoded, i + 1, credDecoded.length);
password = new String(Arrays.copyOfRange(credDecoded, i + 1, credDecoded.length));
}
break;
}
}
}
if (password == null
|| password.length < configuration.getParameter(JSONConfiguration.OCPPJ_CP_MIN_PASSWORD_LENGTH, OCPPJ_CP_MIN_PASSWORD_LENGTH)
|| password.length > configuration.getParameter(JSONConfiguration.OCPPJ_CP_MAX_PASSWORD_LENGTH, OCPPJ_CP_MAX_PASSWORD_LENGTH))
|| password.length() < configuration.getParameter(JSONConfiguration.OCPPJ_CP_MIN_PASSWORD_LENGTH, OCPPJ_CP_MIN_PASSWORD_LENGTH)
|| password.length() > configuration.getParameter(JSONConfiguration.OCPPJ_CP_MAX_PASSWORD_LENGTH, OCPPJ_CP_MAX_PASSWORD_LENGTH))
throw new InvalidDataException(401, "Invalid password length");
}

Expand Down
2 changes: 1 addition & 1 deletion ocpp-common/src/main/java/eu/chargetime/ocpp/ListenerEvents.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ of this software and associated documentation files (the "Software"), to deal
import eu.chargetime.ocpp.model.SessionInformation;

public interface ListenerEvents {
void authenticateSession(SessionInformation information, String username, byte[] password)
void authenticateSession(SessionInformation information, String username, String password)
throws AuthenticationException;

void newSession(ISession session, SessionInformation information);
Expand Down
2 changes: 1 addition & 1 deletion ocpp-common/src/main/java/eu/chargetime/ocpp/Server.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ public void open(String hostname, int port, ServerEvents serverEvents) {

@Override
public void authenticateSession(
SessionInformation information, String username, byte[] password)
SessionInformation information, String username, String password)
throws AuthenticationException {
serverEvents.authenticateSession(information, username, password);
}
Expand Down
2 changes: 1 addition & 1 deletion ocpp-common/src/main/java/eu/chargetime/ocpp/ServerEvents.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ of this software and associated documentation files (the "Software"), to deal
import java.util.UUID;

public interface ServerEvents {
void authenticateSession(SessionInformation information, String username, byte[] password) throws AuthenticationException;
void authenticateSession(SessionInformation information, String username, String password) throws AuthenticationException;

void newSession(UUID sessionIndex, SessionInformation information);

Expand Down
2 changes: 1 addition & 1 deletion ocpp-v1_6-test/src/main/java/eu/chargetime/ocpp/test/DummyHandlers.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -203,7 +203,7 @@ public ServerEvents generateServerEventsHandler() {
return new ServerEvents() {
@Override
public void authenticateSession(
SessionInformation information, String username, byte[] password) throws AuthenticationException {}
SessionInformation information, String username, String password) throws AuthenticationException {}

@Override
public void newSession(UUID sessionIndex, SessionInformation information) {
Expand Down
12 changes: 6 additions & 6 deletions ocpp-v2/src/main/java/eu/chargetime/ocpp/MultiProtocolWebSocketListener.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -165,7 +165,7 @@ public ServerHandshakeBuilder onWebsocketHandshakeReceivedAsServer(
.build();

String username = null;
byte[] password = null;
String password = null;
if (clientHandshake.hasFieldValue("Authorization")) {
String authorization = clientHandshake.getFieldValue("Authorization");
if (authorization != null && authorization.toLowerCase().startsWith("basic")) {
Expand All @@ -178,21 +178,21 @@ public ServerHandshakeBuilder onWebsocketHandshakeReceivedAsServer(
username =
new String(Arrays.copyOfRange(credDecoded, 0, i), StandardCharsets.UTF_8);
if (i + 1 < credDecoded.length) {
password = Arrays.copyOfRange(credDecoded, i + 1, credDecoded.length);
password = new String(Arrays.copyOfRange(credDecoded, i + 1, credDecoded.length));
}
break;
}
}
}
if (protocolVersion == null || protocolVersion == ProtocolVersion.OCPP1_6) {
if (password == null
|| password.length < configuration.getParameter(JSONConfiguration.OCPPJ_CP_MIN_PASSWORD_LENGTH, OCPPJ_CP_MIN_PASSWORD_LENGTH)
|| password.length > configuration.getParameter(JSONConfiguration.OCPPJ_CP_MAX_PASSWORD_LENGTH, OCPPJ_CP_MAX_PASSWORD_LENGTH))
|| password.length() < configuration.getParameter(JSONConfiguration.OCPPJ_CP_MIN_PASSWORD_LENGTH, OCPPJ_CP_MIN_PASSWORD_LENGTH)
|| password.length() > configuration.getParameter(JSONConfiguration.OCPPJ_CP_MAX_PASSWORD_LENGTH, OCPPJ_CP_MAX_PASSWORD_LENGTH))
throw new InvalidDataException(401, "Invalid password length");
} else {
if (password == null
|| password.length < configuration.getParameter(JSONConfiguration.OCPP2J_CP_MIN_PASSWORD_LENGTH, OCPP2J_CP_MIN_PASSWORD_LENGTH)
|| password.length > configuration.getParameter(JSONConfiguration.OCPP2J_CP_MAX_PASSWORD_LENGTH, OCPP2J_CP_MAX_PASSWORD_LENGTH))
|| password.length() < configuration.getParameter(JSONConfiguration.OCPP2J_CP_MIN_PASSWORD_LENGTH, OCPP2J_CP_MIN_PASSWORD_LENGTH)
|| password.length() > configuration.getParameter(JSONConfiguration.OCPP2J_CP_MAX_PASSWORD_LENGTH, OCPP2J_CP_MAX_PASSWORD_LENGTH))
throw new InvalidDataException(401, "Invalid password length");
}
}
Expand Down
2 changes: 1 addition & 1 deletion ocpp-v2_0-test/src/main/java/eu/chargetime/ocpp/test/FakeCentralSystem.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ public void started() throws Exception {
new ServerEvents() {
@Override
public void authenticateSession(
SessionInformation information, String username, byte[] password) throws AuthenticationException {}
SessionInformation information, String username, String password) throws AuthenticationException {}

@Override
public void newSession(UUID sessionIndex, SessionInformation information) {
Expand Down
Loading