how to do the unit testing for the password hashing

 
Ranch Hand
I need to know how to do the unit testing for the password hashing?

For example, I used SHA-512 for hashing my password as below



So how can I do the unit testing for this function?
Because I don't have the salt value for users, as they are stored in the DB.
 
Marshal
Why would you need the salt as stored in the database? Sounds like a dubious approach to unit testing. Think of what behavior you're expecting from the method given known inputs. Because you know what the input values are, you should also know what your expected output is. That's all you need for unit testing. Basically, find input values that would test all edge cases, normal cases, and exceptional cases.
 
shawn peter
Ranch Hand
I need to know the salt as it is one parameter of the "get_SHA_512_SecurePassword" method. So if I am going to call that method, I need to send the salt as one parameter.
 
Junilu Lacar
Marshal
That wasn't my question. I asked why do you need to know the salt "as stored in the database"? Who cares where the salt value comes from? Just make one up! A unit test has to be repeatable. In order for it to be repeatable, you need to know exactly what you're using as input values for the test.

Say your salt is "123456789mySaltValue" -- this is a known value you can use for a unit test. To see if your method works properly, you'll need to know what your expected output is. What return value would you expect from the method if you gave "mySecretPassphrase" as the password to hash and "123456789mySaltValue" as the salt? That is essentially your unit test:


It really is that simple.
 
shawn peter
Ranch Hand
I have an issue since I am saving the salt as a byte array in the DB. So when I am testing the hashing function, I need to give the saved salt to get the same hash value. But in the DB it is saved as a byte array, which is not readable. I can get the hashed password from the DB directly for a given user, but not the salt value. I am using SQL Server, so the column type of the salt is varbinary. How can I get the exact salt value for a given user?
 
Junilu Lacar
Marshal
One clarification: I am going by Michael Feathers' definition of a "unit test," namely that anything that touches the database is NOT a unit test.

Before you save the salt value to the DB as a byte array, what type of value do you have? I would assume a String but the actual type is not relevant to my point which is that anything that goes on between having the value in memory and saving that value in the DB as a byte array is outside the realm of concern of unit testing. Just write your unit test as though the translation from DB byte array to whatever native Java type has already occurred. Again, the type used to save the value in the DB is irrelevant to the unit test so why bother? Treat that as a separate problem.
 
shawn peter
Ranch Hand
I am following the tutorial below.

https://www.baeldung.com/java-password-hashing

So the salt value in Java is a byte array. I am saving it as a byte array in the DB also.
So how can I use it in my test class? For example, if I write a test method as below



 
shawn peter
Ranch Hand
Finally I found the site below, which can encode and decode the byte array to a String. So I can convert my stored byte array to the String value and use it in the test class.

http://www.utilities-online.info/base64/#.XVs2MugzaUl
 
Junilu Lacar
Marshal
I want to say "Obviously, use a new byte array with known byte values" but it doesn't seem that it's obvious to you. I'm just not understanding how it's not obvious.

The example code you cited uses this:

To write a unit test that is repeatable, you can't just use a randomly generated value though so use a known value. Here's one way you can do that:
     
 
It is sorta covered in the JavaRanch Style Guide.
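
The fixed-salt approach recommended in the replies above, written out as a self-contained Java test; this is an added example, not code posted by anyone in the thread. `hash` is a hypothetical stand-in for the poster's `get_SHA_512_SecurePassword` (whose code is not shown), assumed to compute SHA-512 over the salt followed by the password as in the linked tutorial, and all salt bytes are constructed test data.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

public class PasswordHashTest {

    // Hypothetical stand-in for the method under test (assumption: SHA-512 over salt || password).
    static byte[] hash(String password, byte[] salt) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-512");
        md.update(salt);
        return md.digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // Lowercase hex encoding so digests can be compared with published test vectors.
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    static void check(boolean ok, String name) {
        if (!ok) throw new AssertionError(name);
        System.out.println("PASS " + name);
    }

    public static void main(String[] args) throws Exception {
        // Constructed test data: fixed salts written in the test, never read from the database.
        byte[] salt = {0x01, 0x23, 0x45, 0x67, (byte) 0x89, (byte) 0xab, (byte) 0xcd, (byte) 0xef};
        byte[] otherSalt = salt.clone();
        otherSalt[0] ^= 0x01; // differs from salt in a single bit

        byte[] h = hash("mySecretPassphrase", salt);
        check(h.length == 64, "digest is 64 bytes");
        check(Arrays.equals(h, hash("mySecretPassphrase", salt)), "same inputs give same hash");
        check(!Arrays.equals(h, hash("mySecretPassphrase", otherSalt)), "salt changes the hash");
        check(!Arrays.equals(h, hash("mySecretPassphrasf", salt)), "password changes the hash");

        // Known-answer test: salt "a" + password "bc" is the published SHA-512 vector for "abc".
        String abc = "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
                   + "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f";
        check(hex(hash("bc", new byte[] {'a'})).equals(abc), "matches SHA-512(\"abc\") vector");
    }
}
```

Run it with `java PasswordHashTest.java` on JDK 11 or later. A single pass of salted SHA-512 is fast to brute-force, and the same test shape applies unchanged if `hash` is replaced with a slow key-derivation function such as PBKDF2.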