myfaces-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lu4...@apache.org
Subject svn commit: r951801 - in /myfaces/shared/trunk/core/src: main/java/org/apache/myfaces/shared/util/ test/java/org/apache/myfaces/shared/util/
Date Sun, 06 Jun 2010 02:08:59 GMT
Author: lu4242
Date: Sun Jun  6 02:08:58 2010
New Revision: 951801

URL: http://svn.apache.org/viewvc?rev=951801&view=rev
Log:
document web config params better and sync code

Added:
    myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/CachedStateUtilsAES_CBCTest.java
    myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/CachedStateUtilsBlowfish_ECBTest.java
    myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/CachedStateUtilsDefaultTest.java
    myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/CachedStateUtilsTripleDES_ECBTest.java
Modified:
    myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java
    myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/AbstractStateUtilsTest.java
    myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/InitVector_CBCTestCase.java
    myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/SecretKeyCacheTest.java
    myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/SecretKeyConfigurationTest.java
    myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/StateUtilsAES_CBCTest.java
    myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/StateUtilsBlowfish_ECBTest.java
    myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/StateUtilsDefaultTest.java
    myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/StateUtilsTripleDES_ECBTest.java

Modified: myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java?rev=951801&r1=951800&r2=951801&view=diff
==============================================================================
--- myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java (original)
+++ myfaces/shared/trunk/core/src/main/java/org/apache/myfaces/shared/util/StateUtils.java Sun Jun  6 02:08:58 2010
@@ -25,8 +25,10 @@ import java.io.ObjectInputStream;
 import java.io.ObjectOutputStream;
 import java.io.UnsupportedEncodingException;
 import java.security.AccessController;
+import java.security.NoSuchAlgorithmException;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
+import java.util.Arrays;
 import java.util.Random;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -34,10 +36,13 @@ import java.util.zip.GZIPInputStream;
 import java.util.zip.GZIPOutputStream;
 
 import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.Mac;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 import javax.faces.FacesException;
+import javax.faces.application.ViewExpiredException;
 import javax.faces.context.ExternalContext;
 import javax.servlet.ServletContext;
 
@@ -46,8 +51,9 @@ import org.apache.myfaces.buildtools.mav
 import org.apache.myfaces.shared.util.serial.SerialFactory;
 
 /**
- * <p>Handles encryption, serialization, compression and encoding.
- *
+ * <p>This Class exposes a handful of methods related to encryption,
+ * compression and serialization of the view state.</p>
+ * 
  * <ul>
  * <li>ISO-8859-1 is the character set used.</li>
  * <li>GZIP is used for all compression/decompression.</li>
@@ -55,6 +61,7 @@ import org.apache.myfaces.shared.util.se
  * <li>DES is the default encryption algorithm</li>
  * <li>ECB is the default mode</li>
  * <li>PKCS5Padding is the default padding</li>
+ * <li>HmacSHA1 is the default MAC algorithm</li>
  * <li>The default algorithm can be overridden using the
  * <i>org.apache.myfaces.ALGORITHM</i> parameter</li>
  * <li>The default mode and padding can be overridden using the
@@ -62,6 +69,8 @@ import org.apache.myfaces.shared.util.se
  * <li>This class has not been tested with modes other than ECB and CBC</li>
  * <li>An initialization vector can be specified via the
  * <i>org.apache.myfaces.ALGORITHM.IV</i> parameter</li>
+ * <li>The default MAC algorithm can be overridden using the
+ * <i>org.apache.myfaces.MAC_ALGORITHM</i> parameter</li>
  * </ul>
  *
  * <p>The secret is interpretted as base 64 encoded.  In other
@@ -80,7 +89,6 @@ import org.apache.myfaces.shared.util.se
  * @author Dennis C. Byrne
  * @see org.apache.myfaces.webapp.StartupServletContextListener
  */
-
 public final class StateUtils {
 
     //private static final Log log = LogFactory.getLog(StateUtils.class);
@@ -93,34 +101,82 @@ public final class StateUtils {
 
     public static final String INIT_PREFIX = "org.apache.myfaces.";
     
-    @JSFWebConfigParam(name="org.apache.myfaces.USE_ENCRYPTION",since="1.1")
+    /**
+     * Indicate if the view state is encrypted or not. By default, encryption is enabled.
+     */
+    @JSFWebConfigParam(name="org.apache.myfaces.USE_ENCRYPTION",since="1.1",defaultValue="true",expectedValues="true,false")
     public static final String USE_ENCRYPTION = INIT_PREFIX + "USE_ENCRYPTION";
     
     /**
-     * Used for encrypting view state. Only relevant for client side 
-     * state saving. See MyFaces wiki/web site documentation for instructions 
-     * on how to configure an application for different encryption strengths.
+     * Defines the secret (Base64 encoded) used to initialize the secret key
+     * for encryption algorithm. See MyFaces wiki/web site documentation 
+     * for instructions on how to configure an application for 
+     * different encryption strengths.
      */
     @JSFWebConfigParam(name="org.apache.myfaces.SECRET",since="1.1")
     public static final String INIT_SECRET = INIT_PREFIX + "SECRET";
     
-    @JSFWebConfigParam(name="org.apache.myfaces.ALGORITHM",since="1.1")
+    /**
+     * Indicate the encryption algorithm used for encrypt the view state.
+     */
+    @JSFWebConfigParam(name="org.apache.myfaces.ALGORITHM",since="1.1",defaultValue="DES")
     public static final String INIT_ALGORITHM = INIT_PREFIX + "ALGORITHM";
-    
+
+    /**
+     * If is set to "false", the secret key used for encryption algorithm is not cached. This is used
+     * when the returned SecretKey for encryption algorithm is not thread safe. 
+     */
     @JSFWebConfigParam(name="org.apache.myfaces.SECRET.CACHE",since="1.1")
     public static final String INIT_SECRET_KEY_CACHE = INIT_SECRET + ".CACHE";
     
+    /**
+     * Defines the initialization vector (Base64 encoded) used for the encryption algorithm
+     */
     @JSFWebConfigParam(name="org.apache.myfaces.ALGORITHM.IV",since="1.1")
     public static final String INIT_ALGORITHM_IV = INIT_ALGORITHM + ".IV";
     
-    @JSFWebConfigParam(name="org.apache.myfaces.ALGORITHM.PARAMETERS",since="1.1")
+    /**
+     * Defines the default mode and padding used for the encryption algorithm
+     */
+    @JSFWebConfigParam(name="org.apache.myfaces.ALGORITHM.PARAMETERS",since="1.1",defaultValue="ECB/PKCS5Padding")
     public static final String INIT_ALGORITHM_PARAM = INIT_ALGORITHM + ".PARAMETERS";
     
+    /**
+     * Defines the factory class name using for serialize/deserialize the view state returned 
+     * by state manager into a byte array. The expected class must implement
+     * org.apache.myfaces.shared.util.serial.SerialFactory interface.
+     */
     @JSFWebConfigParam(name="org.apache.myfaces.SERIAL_FACTORY", since="1.1")
     public static final String SERIAL_FACTORY = INIT_PREFIX + "SERIAL_FACTORY";
     
-    @JSFWebConfigParam(name="org.apache.myfaces.COMPRESS_STATE_IN_CLIENT",since="1.1")
-    private static final String COMPRESS_STATE_IN_CLIENT = INIT_PREFIX + "COMPRESS_STATE_IN_CLIENT";
+    /**
+     * Indicate if the view state should be compressed before encrypted(optional) and encoded
+     */
+    @JSFWebConfigParam(name="org.apache.myfaces.COMPRESS_STATE_IN_CLIENT",since="1.1",defaultValue="false",expectedValues="true,false")
+    public static final String COMPRESS_STATE_IN_CLIENT = INIT_PREFIX + "COMPRESS_STATE_IN_CLIENT";
+
+    public static final String DEFAULT_MAC_ALGORITHM = "HmacSHA1";
+
+    /**
+     * Indicate the algorithm used to calculate the Message Authentication Code that is
+     * added to the view state.
+     */
+    @JSFWebConfigParam(name="org.apache.myfaces.MAC_ALGORITHM",defaultValue="HmacSHA1")
+    public static final String INIT_MAC_ALGORITHM = "org.apache.myfaces.MAC_ALGORITHM";
+    
+    /**
+     * Define the initialization code that are used to initialize the secret key used
+     * on the Message Authentication Code algorithm
+     */
+    @JSFWebConfigParam(name="org.apache.myfaces.MAC_SECRET")
+    public static final String INIT_MAC_SECRET = "org.apache.myfaces.MAC_SECRET";
+
+    /**
+     * If is set to "false", the secret key used for MAC algorithm is not cached. This is used
+     * when the returned SecretKey for mac algorithm is not thread safe. 
+     */
+    @JSFWebConfigParam(name="org.apache.myfaces.MAC_SECRET.CACHE")
+    public static final String INIT_MAC_SECRET_KEY_CACHE = "org.apache.myfaces.MAC_SECRET.CACHE";
     
     /** Utility class, do not instatiate */
     private StateUtils()
@@ -131,8 +187,18 @@ public final class StateUtils {
     private static void testConfiguration(ExternalContext ctx){
 
         String algorithmParams = ctx.getInitParameter(INIT_ALGORITHM_PARAM);
+        
+        if (algorithmParams == null)
+        {
+            algorithmParams = ctx.getInitParameter(INIT_ALGORITHM_PARAM.toLowerCase());
+        }
         String iv = ctx.getInitParameter(INIT_ALGORITHM_IV);
         
+        if (iv == null)
+        {
+            iv = ctx.getInitParameter(INIT_ALGORITHM_IV.toLowerCase());
+        }
+        
         if (algorithmParams != null && algorithmParams.startsWith("CBC") )
         {
             if(iv == null)
@@ -141,7 +207,7 @@ public final class StateUtils {
                                     " but no initialization vector has been set " +
                                     " with " + INIT_ALGORITHM_IV);
         }
-        
+
     }
     
     public static boolean enableCompression(ExternalContext ctx)
@@ -220,7 +286,53 @@ public final class StateUtils {
 
     public static byte[] encrypt(byte[] insecure, ExternalContext ctx)
     {
-        return symmetric(insecure, ctx, Cipher.ENCRYPT_MODE);
+
+        if (ctx == null)
+            throw new NullPointerException("ExternalContext ctx");
+
+        testConfiguration(ctx);
+        
+        SecretKey secretKey = (SecretKey) getSecret(ctx);
+        String algorithm = findAlgorithm(ctx);
+        String algorithmParams = findAlgorithmParams(ctx);
+        byte[] iv = findInitializationVector(ctx);
+        
+        SecretKey macSecretKey = (SecretKey) getMacSecret(ctx);
+        String macAlgorithm = findMacAlgorithm(ctx);
+                
+        try
+        {
+            // keep local to avoid threading issue
+            Mac mac = Mac.getInstance(macAlgorithm);
+            mac.init(macSecretKey);
+            Cipher cipher = Cipher.getInstance(algorithm + "/" + algorithmParams);
+            if (iv != null)
+            {
+                IvParameterSpec ivSpec = new IvParameterSpec(iv);
+                cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec);
+            }
+            else
+            {
+                cipher.init(Cipher.ENCRYPT_MODE, secretKey);
+            }
+            if (log.isLoggable(Level.FINE))
+            {
+                log.fine("encrypting w/ " + algorithm + "/" + algorithmParams);
+            }
+            
+            //EtM Composition Approach
+            int macLenght = mac.getMacLength();
+            byte[] secure = new byte[cipher.getOutputSize(insecure.length)+ macLenght];
+            int secureCount = cipher.doFinal(insecure,0,insecure.length,secure);
+            mac.update(secure, 0, secureCount);
+            mac.doFinal(secure, secureCount);
+                        
+            return secure;
+        }
+        catch (Exception e)
+        {
+            throw new FacesException(e);
+        }
     }
 
     public static final byte[] compress(byte[] bytes)
@@ -252,11 +364,14 @@ public final class StateUtils {
     /**
      * This fires during the Restore View phase, restoring state.
      */
-
-    public static final Object reconstruct(String string, ExternalContext ctx){
+    public static final Object reconstruct(String string, ExternalContext ctx)
+    {
         byte[] bytes;
         try
         {
+            if(log.isLoggable(Level.FINE))
+                log.fine("Processing state : "+string);
+
             bytes = string.getBytes(ZIP_CHARSET);
             bytes = decode(bytes);
             if(isSecure(ctx))
@@ -265,9 +380,13 @@ public final class StateUtils {
                 bytes = decompress(bytes);
             return getAsObject(bytes, ctx);
         }
-        catch (UnsupportedEncodingException e)
+        catch (Throwable e)
         {
-            throw new FacesException(e);
+            if (log.isLoggable(Level.SEVERE))
+            {
+                log.log(Level.SEVERE, "View State cannot be reconstructed", e);
+            }
+            return null;
         }
     }
 
@@ -311,7 +430,65 @@ public final class StateUtils {
     
     public static byte[] decrypt(byte[] secure, ExternalContext ctx)
     {
-        return symmetric(secure, ctx, Cipher.DECRYPT_MODE); 
+        if (ctx == null)
+            throw new NullPointerException("ExternalContext ctx");
+
+        testConfiguration(ctx);
+                
+        SecretKey secretKey = (SecretKey) getSecret(ctx);
+        String algorithm = findAlgorithm(ctx);
+        String algorithmParams = findAlgorithmParams(ctx);
+        byte[] iv = findInitializationVector(ctx);
+        
+        SecretKey macSecretKey = (SecretKey) getMacSecret(ctx);
+        String macAlgorithm = findMacAlgorithm(ctx);
+
+        try
+        {
+            // keep local to avoid threading issue
+            Mac mac = Mac.getInstance(macAlgorithm);
+            mac.init(macSecretKey);
+            Cipher cipher = Cipher.getInstance(algorithm + "/"
+                    + algorithmParams);
+            if (iv != null)
+            {
+                IvParameterSpec ivSpec = new IvParameterSpec(iv);
+                cipher.init(Cipher.DECRYPT_MODE, secretKey, ivSpec);
+            }
+            else
+            {
+                cipher.init(Cipher.DECRYPT_MODE, secretKey);
+            }
+            if (log.isLoggable(Level.FINE))
+            {
+                log.fine("decrypting w/ " + algorithm + "/" + algorithmParams);
+            }
+
+            //EtM Composition Approach
+            int macLenght = mac.getMacLength();
+            mac.update(secure, 0, secure.length-macLenght);
+            byte[] signedDigestHash = mac.doFinal();
+
+            boolean isMacEqual = true;
+            for (int i = 0; i < signedDigestHash.length; i++)
+            {
+                if (signedDigestHash[i] != secure[secure.length-macLenght+i])
+                {
+                    isMacEqual = false;
+                    break;
+                }
+            }
+            if (!isMacEqual)
+            {
+                throw new ViewExpiredException();
+            }
+            
+            return cipher.doFinal(secure, 0, secure.length-macLenght);
+        }
+        catch (Exception e)
+        {
+            throw new FacesException(e);
+        }
     }
 
     /**
@@ -430,96 +607,27 @@ public final class StateUtils {
     }
 
     /**
-     * Utility method for generating base 63 encoded strings.
+     * Utility method for generating base 64 encoded strings.
      * 
      * @param args
      * @throws UnsupportedEncodingException
      */
-    
     public static void main (String[] args) throws UnsupportedEncodingException
     {
         byte[] bytes = encode(args[0].getBytes(ZIP_CHARSET));
           System.out.println(new String(bytes, ZIP_CHARSET));
     }
-    
-    private static byte[] symmetric(byte[] data, SecretKey secretKey,
-            String algorithm, String algorithmParams, byte[] iv, int mode){
-    
-        try
-        {
-            // keep local to avoid threading issue
-            Cipher cipher = Cipher.getInstance(algorithm + "/"
-                    + algorithmParams);
-            if (iv != null)
-            {
-                IvParameterSpec ivSpec = new IvParameterSpec(iv);
-                cipher.init(mode, secretKey, ivSpec);
-            }
-            else
-            {
-                cipher.init(mode, secretKey);
-            }
-
-            if (log.isLoggable(Level.FINE))
-            {
-
-                String action = mode == Cipher.ENCRYPT_MODE ? "encrypting"
-                        : "decrypting";
-
-                log.fine(action + " w/ " + algorithm + "/" + algorithmParams);
-            }
-
-            return cipher.doFinal(data);
-        }
-        catch (Exception e)
-        {
-            throw new FacesException(e);
-        }
-    
-    }
-
-    /**
-     * Pulls configuration data from the context and performs symmetric encryption
-     * or decryption.  If a SecretKey is not located in an application scope level
-     * cache, it is created.
-     * 
-     * @param data
-     * @param ctx
-     * @param mode
-     * @return
-     */
-    
-    private static byte[] symmetric(byte[] data, ExternalContext ctx, int mode)
-    {
-
-        if (ctx == null)
-            throw new NullPointerException("ExternalContext ctx");
-
-        testConfiguration(ctx);
-        
-        String _algorithm = findAlgorithm(ctx);
-        String _algorithmParams = findAlgorithmParams(ctx);
-        byte[] iv = findInitializationVector(ctx);
-            
-        Object object = ctx.getApplicationMap().get(INIT_SECRET_KEY_CACHE);
-        
-        if( object == null )
-            throw new NullPointerException("Could not find SecretKey in application scope using key '" 
-                    + INIT_SECRET_KEY_CACHE + "'");
-        
-        if( ! ( object instanceof SecretKey ) )
-            throw new ClassCastException("Did not find an instance of SecretKey "
-                    + "in application scope using the key '" + INIT_SECRET_KEY_CACHE + "'");
-        
-        return symmetric(data, (SecretKey)object, _algorithm, _algorithmParams, iv, mode);
-            
-    }
 
     private static byte[] findInitializationVector(ExternalContext ctx) {
         
         byte[] iv = null;
         String _iv = ctx.getInitParameter(INIT_ALGORITHM_IV);
         
+        if(_iv == null)
+        {
+            _iv = ctx.getInitParameter(INIT_ALGORITHM_IV.toLowerCase());
+        }
+        
         if (_iv != null)
             iv = new Base64().decode(_iv.getBytes());
         
@@ -532,6 +640,11 @@ public final class StateUtils {
         
         if (algorithmParams == null)
         {
+            algorithmParams = ctx.getInitParameter(INIT_ALGORITHM_PARAM.toLowerCase());
+        }
+        
+        if (algorithmParams == null)
+        {
             algorithmParams = DEFAULT_ALGORITHM_PARAMS;
         }
         
@@ -545,14 +658,26 @@ public final class StateUtils {
 
     private static String findAlgorithm(ExternalContext ctx) {
         
-        return findAlgorithm( ctx.getInitParameter(INIT_ALGORITHM) );
+        String algorithm = ctx.getInitParameter(INIT_ALGORITHM);
+        
+        if (algorithm == null)
+        {
+            algorithm = ctx.getInitParameter(INIT_ALGORITHM.toLowerCase());
+        }
 
+        return findAlgorithm( algorithm );
     }
     
     private static String findAlgorithm(ServletContext ctx) {
+
+        String algorithm = ctx.getInitParameter(INIT_ALGORITHM);
         
-        return findAlgorithm( ctx.getInitParameter(INIT_ALGORITHM) );
-        
+        if (algorithm == null)
+        {
+            algorithm = ctx.getInitParameter(INIT_ALGORITHM.toLowerCase());
+        }
+
+        return findAlgorithm( algorithm );
     }
     
     private static String findAlgorithm(String initParam) {
@@ -588,31 +713,285 @@ public final class StateUtils {
         
         if (log.isLoggable(Level.FINE))
             log.fine("Storing SecretKey @ " + INIT_SECRET_KEY_CACHE);
+
+        // Create and store SecretKey on application scope
+        String cache = ctx.getInitParameter(INIT_SECRET_KEY_CACHE);
+        
+        if(cache == null)
+        {
+            cache = ctx.getInitParameter(INIT_SECRET_KEY_CACHE.toLowerCase());
+        }
+        
+        if (!"false".equals(cache))
+        {
+            String algorithm = findAlgorithm(ctx);
+            // you want to create this as few times as possible
+            ctx.setAttribute(INIT_SECRET_KEY_CACHE, new SecretKeySpec(findSecret(ctx, algorithm), algorithm));
+        }
+
+        if (log.isLoggable(Level.FINE))
+            log.fine("Storing SecretKey @ " + INIT_MAC_SECRET_KEY_CACHE);
         
-        // you want to create this as few times as possible
-        ctx.setAttribute(INIT_SECRET_KEY_CACHE, new SecretKeySpec(findSecret(ctx), findAlgorithm(ctx)));
+        String macCache = ctx.getInitParameter(INIT_MAC_SECRET_KEY_CACHE);
         
+        if(macCache == null)
+        {
+            macCache = ctx.getInitParameter(INIT_MAC_SECRET_KEY_CACHE.toLowerCase());
+        }
+        
+        if (!"false".equals(macCache))
+        {
+            String macAlgorithm = findMacAlgorithm(ctx);
+            // init mac secret and algorithm 
+            ctx.setAttribute(INIT_MAC_SECRET_KEY_CACHE, new SecretKeySpec(findMacSecret(ctx, macAlgorithm), macAlgorithm));
+        }
+    }
+    
+    private static SecretKey getSecret(ExternalContext ctx)
+    {
+        Object secretKey = (SecretKey) ctx.getApplicationMap().get(INIT_SECRET_KEY_CACHE);
+        
+        if (secretKey == null)
+        {
+            String cache = ctx.getInitParameter(INIT_SECRET_KEY_CACHE);
+            
+            if(cache == null)
+            {
+                cache = ctx.getInitParameter(INIT_SECRET_KEY_CACHE.toLowerCase());
+            }
+            
+            if ("false".equals(cache))
+            {
+                // No cache is used. This option is activated
+                String secret = ctx.getInitParameter(INIT_SECRET);
+                
+                if (secret == null)
+                {
+                    secret = ctx.getInitParameter(INIT_SECRET.toLowerCase());
+                }
+
+                if (secret == null)
+                {
+                    throw new NullPointerException("Could not find secret using key '" + INIT_SECRET + "'");
+                }
+                
+                String algorithm = findAlgorithm(ctx);
+                
+                secretKey = new SecretKeySpec(findSecret(ctx, algorithm), algorithm);
+            }
+            else
+            {
+                throw new NullPointerException("Could not find SecretKey in application scope using key '" 
+                        + INIT_SECRET_KEY_CACHE + "'");
+            }
+        }
+        
+        if( ! ( secretKey instanceof SecretKey ) )
+            throw new ClassCastException("Did not find an instance of SecretKey "
+                    + "in application scope using the key '" + INIT_SECRET_KEY_CACHE + "'");
+
+        
+        return (SecretKey) secretKey;
     }
 
-    private static byte[] findSecret(ServletContext ctx) {
-        String _secret = ctx.getInitParameter(INIT_SECRET);
+    private static byte[] findSecret(ExternalContext ctx, String algorithm)
+    {
+        String secret = ctx.getInitParameter(INIT_SECRET);
+        
+        if (secret == null)
+        {
+            secret = ctx.getInitParameter(INIT_SECRET.toLowerCase());
+        }
+        
+        return findSecret(secret, algorithm);
+    }    
+    
+    private static byte[] findSecret(ServletContext ctx, String algorithm)
+    {
+        String secret = ctx.getInitParameter(INIT_SECRET);
+        
+        if (secret == null)
+        {
+            secret = ctx.getInitParameter(INIT_SECRET.toLowerCase());
+        }
+        
+        return findSecret(secret, algorithm);
+    }
+    
+    private static byte[] findSecret(String secret, String algorithm) {
         byte[] bytes = null;
         
-        if(_secret == null)
+        if(secret == null)
         {
-            int length = 8;
-            bytes = new byte[length];
-            new Random().nextBytes(bytes);
-            
-            if(log.isLoggable(Level.FINE))
-                log.fine("generated random password of length " + length);
+            try
+            {
+                KeyGenerator kg = KeyGenerator.getInstance(algorithm);
+                bytes = kg.generateKey().getEncoded();
+                
+                if(log.isLoggable(Level.FINE))
+                    log.fine("generated random password of length " + bytes.length);
+            }
+            catch (NoSuchAlgorithmException e)
+            {
+                // Generate random password length 8, 
+                int length = 8;
+                bytes = new byte[length];
+                new Random().nextBytes(bytes);
+                
+                if(log.isLoggable(Level.FINE))
+                    log.fine("generated random password of length " + length);
+            }
         }
         else 
         {
-            bytes = new Base64().decode(_secret.getBytes());
+            bytes = new Base64().decode(secret.getBytes());
         }
         
         return bytes;
     }
 
+    private static String findMacAlgorithm(ExternalContext ctx) {
+        
+        String algorithm = ctx.getInitParameter(INIT_MAC_ALGORITHM);
+        
+        if (algorithm == null)
+        {
+            algorithm = ctx.getInitParameter(INIT_MAC_ALGORITHM.toLowerCase());
+        }
+
+        return findMacAlgorithm( algorithm );
+
+    }
+    
+    private static String findMacAlgorithm(ServletContext ctx) {
+
+        String algorithm = ctx.getInitParameter(INIT_MAC_ALGORITHM);
+        
+        if (algorithm == null)
+        {
+            algorithm = ctx.getInitParameter(INIT_MAC_ALGORITHM.toLowerCase());
+        }
+
+        return findMacAlgorithm( algorithm );
+        
+    }
+    
+    private static String findMacAlgorithm(String initParam) {
+        
+        if (initParam == null)
+        {
+            initParam = DEFAULT_MAC_ALGORITHM;
+        }
+        
+        if (log.isLoggable(Level.FINE))
+        {
+            log.fine("Using algorithm " + initParam);
+        }
+        
+        return initParam;
+        
+    }
+    
+    private static SecretKey getMacSecret(ExternalContext ctx)
+    {
+        Object secretKey = (SecretKey) ctx.getApplicationMap().get(INIT_MAC_SECRET_KEY_CACHE);
+        
+        if (secretKey == null)
+        {
+            String cache = ctx.getInitParameter(INIT_MAC_SECRET_KEY_CACHE);
+            
+            if(cache == null)
+            {
+                cache = ctx.getInitParameter(INIT_MAC_SECRET_KEY_CACHE.toLowerCase());
+            }
+            
+            if ("false".equals(cache))
+            {
+                // No cache is used. This option is activated
+                String secret = ctx.getInitParameter(INIT_MAC_SECRET);
+                
+                if (secret == null)
+                {
+                    secret = ctx.getInitParameter(INIT_MAC_SECRET.toLowerCase());
+                }
+                
+                if (secret == null)
+                {
+                    throw new NullPointerException("Could not find secret using key '" + INIT_MAC_SECRET + "'");
+                }
+                
+                String macAlgorithm = findMacAlgorithm(ctx);
+
+                secretKey = new SecretKeySpec(findMacSecret(ctx, macAlgorithm), macAlgorithm);
+            }
+            else
+            {
+                throw new NullPointerException("Could not find SecretKey in application scope using key '" 
+                        + INIT_MAC_SECRET_KEY_CACHE + "'");
+            }
+        }
+        
+        if( ! ( secretKey instanceof SecretKey ) )
+            throw new ClassCastException("Did not find an instance of SecretKey "
+                    + "in application scope using the key '" + INIT_MAC_SECRET_KEY_CACHE + "'");
+
+        
+        return (SecretKey) secretKey;
+    }
+
+    private static byte[] findMacSecret(ExternalContext ctx, String algorithm)
+    {
+        String secret = ctx.getInitParameter(INIT_MAC_SECRET);
+        
+        if (secret == null)
+        {
+            secret = ctx.getInitParameter(INIT_MAC_SECRET.toLowerCase());
+        }
+ 
+        return findMacSecret(secret, algorithm);
+    }    
+    
+    private static byte[] findMacSecret(ServletContext ctx, String algorithm)
+    {
+        String secret = ctx.getInitParameter(INIT_MAC_SECRET);
+        
+        if (secret == null)
+        {
+            secret = ctx.getInitParameter(INIT_MAC_SECRET.toLowerCase());
+        }
+        
+        return findMacSecret(secret, algorithm);
+    }
+
+    private static byte[] findMacSecret(String secret, String algorithm) {
+        byte[] bytes = null;
+        
+        if(secret == null)
+        {
+            try
+            {
+                KeyGenerator kg = KeyGenerator.getInstance(algorithm);
+                bytes = kg.generateKey().getEncoded();
+                
+                if(log.isLoggable(Level.FINE))
+                    log.fine("generated random mac password of length " + bytes.length);
+            }
+            catch (NoSuchAlgorithmException e)
+            {
+                // Generate random password length 8, 
+                int length = 8;
+                bytes = new byte[length];
+                new Random().nextBytes(bytes);
+                
+                if(log.isLoggable(Level.FINE))
+                    log.fine("generated random mac password of length " + length);
+            }
+        }
+        else 
+        {
+            bytes = new Base64().decode(secret.getBytes());
+        }
+        
+        return bytes;
+    }
 }

Modified: myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/AbstractStateUtilsTest.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/AbstractStateUtilsTest.java?rev=951801&r1=951800&r2=951801&view=diff
==============================================================================
--- myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/AbstractStateUtilsTest.java (original)
+++ myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/AbstractStateUtilsTest.java Sun Jun  6 02:08:58 2010
@@ -166,7 +166,8 @@ public abstract class AbstractStateUtils
     {
         byte[] sensitiveBytes = sensitiveString.getBytes();
         byte[] secure = StateUtils.encrypt(sensitiveBytes, externalContext);
-        secure[3] = (byte) 1;
+        
+        secure[secure.length-5] = (byte) 1;
         try
         {
             byte[] insecure = StateUtils.decrypt(secure, externalContext);

Added: myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/CachedStateUtilsAES_CBCTest.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/CachedStateUtilsAES_CBCTest.java?rev=951801&view=auto
==============================================================================
--- myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/CachedStateUtilsAES_CBCTest.java (added)
+++ myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/CachedStateUtilsAES_CBCTest.java Sun Jun  6 02:08:58 2010
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.myfaces.shared.util;
+
+import junit.framework.Test;
+
+/**
+ * <p>This TestCase uses the Advanced Encryption Standard with
+ * Cipher Block Chaining mode and PKCS5 padding.</p>
+ * <p/>
+ * <p/>
+ * If you are getting a SecurityException complaining about keysize,
+ * you most likely need to get the unlimited strength jurisdiction
+ * policy files from a place like http://java.sun.com/j2se/1.4.2/download.html .
+ * </p>
+ *
+ * @see pom.xml <excludes>
+ * @author Dennis C. Byrne
+ */
+
+public class CachedStateUtilsAES_CBCTest extends AbstractStateUtilsTest
+{
+
+    public CachedStateUtilsAES_CBCTest(String name)
+    {
+        super(name);
+    }
+    
+    public static Test suite() {
+        return null; // keep this method or maven won't run it
+    }
+
+    public void setUp() throws Exception
+    {
+        super.setUp();
+
+        servletContext.addInitParameter(StateUtils.INIT_SECRET, BASE64_KEY_SIZE_24);
+        servletContext.addInitParameter(StateUtils.INIT_ALGORITHM, "AES");
+        servletContext.addInitParameter(StateUtils.INIT_ALGORITHM_PARAM, "CBC/PKCS5Padding");
+        servletContext.addInitParameter(StateUtils.INIT_ALGORITHM_IV, BASE64_KEY_SIZE_16);
+        servletContext.addInitParameter(StateUtils.INIT_MAC_SECRET, BASE64_KEY_SIZE_8);
+        StateUtils.initSecret(servletContext);
+    }
+
+}

Added: myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/CachedStateUtilsBlowfish_ECBTest.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/CachedStateUtilsBlowfish_ECBTest.java?rev=951801&view=auto
==============================================================================
--- myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/CachedStateUtilsBlowfish_ECBTest.java (added)
+++ myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/CachedStateUtilsBlowfish_ECBTest.java Sun Jun  6 02:08:58 2010
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.myfaces.shared.util;
+
+import junit.framework.Test;
+
+/**
+ * @author Dennis C. Byrne
+ */
+
+public class CachedStateUtilsBlowfish_ECBTest extends AbstractStateUtilsTest
+{
+
+    public CachedStateUtilsBlowfish_ECBTest(String name)
+    {
+        super(name);
+    }
+    
+    public static Test suite() {
+        return null; // keep this method or maven won't run it
+    }
+    
+    public void setUp() throws Exception
+    {
+        super.setUp();
+
+        servletContext.addInitParameter(StateUtils.INIT_SECRET, BASE64_KEY_SIZE_16);
+        servletContext.addInitParameter(StateUtils.INIT_ALGORITHM, "Blowfish");
+        servletContext.addInitParameter(StateUtils.INIT_ALGORITHM_PARAM, "ECB/PKCS5Padding");
+        servletContext.addInitParameter(StateUtils.INIT_MAC_SECRET, BASE64_KEY_SIZE_8);
+        StateUtils.initSecret(servletContext);
+
+    }
+
+}

Added: myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/CachedStateUtilsDefaultTest.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/CachedStateUtilsDefaultTest.java?rev=951801&view=auto
==============================================================================
--- myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/CachedStateUtilsDefaultTest.java (added)
+++ myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/CachedStateUtilsDefaultTest.java Sun Jun  6 02:08:58 2010
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.myfaces.shared.util;
+
+import junit.framework.Test;
+
+/**
+ * @author Dennis C. Byrne
+ */
+
+public class CachedStateUtilsDefaultTest extends AbstractStateUtilsTest
+{
+
+    public CachedStateUtilsDefaultTest(String name)
+    {
+        super(name);
+    }
+    
+    public static Test suite() {
+        return null; // keep this method or maven won't run it
+    }
+
+    public void setUp() throws Exception
+    {
+        super.setUp();
+
+        servletContext.addInitParameter(StateUtils.INIT_SECRET, BASE64_KEY_SIZE_8);
+        servletContext.addInitParameter(StateUtils.INIT_ALGORITHM, StateUtils.DEFAULT_ALGORITHM);
+        servletContext.addInitParameter(StateUtils.INIT_ALGORITHM_PARAM, StateUtils.DEFAULT_ALGORITHM_PARAMS);
+        servletContext.addInitParameter(StateUtils.INIT_MAC_SECRET, BASE64_KEY_SIZE_8);
+        StateUtils.initSecret(servletContext);
+
+    }
+
+}

Added: myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/CachedStateUtilsTripleDES_ECBTest.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/CachedStateUtilsTripleDES_ECBTest.java?rev=951801&view=auto
==============================================================================
--- myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/CachedStateUtilsTripleDES_ECBTest.java (added)
+++ myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/CachedStateUtilsTripleDES_ECBTest.java Sun Jun  6 02:08:58 2010
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.myfaces.shared.util;
+
+import junit.framework.Test;
+
+/**
+ * @author Dennis C. Byrne
+ */
+
+public class CachedStateUtilsTripleDES_ECBTest extends AbstractStateUtilsTest
+{
+
+    public CachedStateUtilsTripleDES_ECBTest(String name)
+    {
+        super(name);
+    }
+
+    public static Test suite() {
+        return null; // keep this method or maven won't run it
+    }
+
+    public void setUp() throws Exception
+    {
+        super.setUp();
+
+        servletContext.addInitParameter(StateUtils.INIT_SECRET, BASE64_KEY_SIZE_24);
+        servletContext.addInitParameter(StateUtils.INIT_ALGORITHM, "DESede");
+        servletContext.addInitParameter(StateUtils.INIT_ALGORITHM_PARAM, "ECB/PKCS5Padding");
+        servletContext.addInitParameter(StateUtils.INIT_MAC_SECRET, BASE64_KEY_SIZE_8);
+        StateUtils.initSecret(servletContext);
+
+    }
+}

Modified: myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/InitVector_CBCTestCase.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/InitVector_CBCTestCase.java?rev=951801&r1=951800&r2=951801&view=diff
==============================================================================
--- myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/InitVector_CBCTestCase.java (original)
+++ myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/InitVector_CBCTestCase.java Sun Jun  6 02:08:58 2010
@@ -44,6 +44,7 @@ public class InitVector_CBCTestCase exte
         servletContext.addInitParameter(StateUtils.INIT_ALGORITHM, "shouldn't matter either");
         servletContext.addInitParameter(StateUtils.INIT_ALGORITHM_PARAM, "CBC/PKCS5Padding");
         servletContext.addInitParameter(StateUtils.INIT_SECRET_KEY_CACHE, "false");
+        servletContext.addInitParameter(StateUtils.INIT_MAC_SECRET, "shouldn't matter");
         // DO NOT UNCOMMENT THIS ! we are simulating a bad conf
         //servletContext.addInitParameter(org.apache.myfaces.shared.util.StateUtils.INIT_ALGORITHM_IV, BASE64_KEY_SIZE_16);        
         

Modified: myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/SecretKeyCacheTest.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/SecretKeyCacheTest.java?rev=951801&r1=951800&r2=951801&view=diff
==============================================================================
--- myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/SecretKeyCacheTest.java (original)
+++ myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/SecretKeyCacheTest.java Sun Jun  6 02:08:58 2010
@@ -44,7 +44,7 @@ public class SecretKeyCacheTest extends 
         
         servletContext.addInitParameter(StateUtils.INIT_SECRET, 
                 AbstractStateUtilsTest.BASE64_KEY_SIZE_8);
-        
+        servletContext.addInitParameter(StateUtils.INIT_MAC_SECRET, AbstractStateUtilsTest.BASE64_KEY_SIZE_8);
     }
 
     public void testDefaultAlgorithmUse(){
@@ -59,6 +59,18 @@ public class SecretKeyCacheTest extends 
         
     }
     
+    public void testInitFacesWithoutCache(){
+
+        servletContext.addInitParameter(StateUtils.INIT_SECRET_KEY_CACHE, "false");
+        
+        StateUtils.initSecret(servletContext);
+
+        Object object = servletContext.getAttribute(StateUtils.INIT_SECRET_KEY_CACHE);
+        
+        assertNull("Making sure StateUtils.initSecret does not create a SecretKey", object);
+        
+    }
+    
     public void testInitFacesWithCache(){
         
         StateUtils.initSecret(servletContext);

Modified: myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/SecretKeyConfigurationTest.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/SecretKeyConfigurationTest.java?rev=951801&r1=951800&r2=951801&view=diff
==============================================================================
--- myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/SecretKeyConfigurationTest.java (original)
+++ myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/SecretKeyConfigurationTest.java Sun Jun  6 02:08:58 2010
@@ -40,6 +40,7 @@ public class SecretKeyConfigurationTest 
     {
         super.setUp();
         servletContext.addInitParameter(StateUtils.INIT_SECRET, "shouldn't matter");
+        servletContext.addInitParameter(StateUtils.INIT_MAC_SECRET, AbstractStateUtilsTest.BASE64_KEY_SIZE_8);
         
     }
 

Modified: myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/StateUtilsAES_CBCTest.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/StateUtilsAES_CBCTest.java?rev=951801&r1=951800&r2=951801&view=diff
==============================================================================
--- myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/StateUtilsAES_CBCTest.java (original)
+++ myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/StateUtilsAES_CBCTest.java Sun Jun  6 02:08:58 2010
@@ -50,6 +50,8 @@ public class StateUtilsAES_CBCTest exten
         servletContext.addInitParameter(StateUtils.INIT_ALGORITHM, "AES");
         servletContext.addInitParameter(StateUtils.INIT_ALGORITHM_PARAM, "CBC/PKCS5Padding");
         servletContext.addInitParameter(StateUtils.INIT_ALGORITHM_IV, BASE64_KEY_SIZE_16);
+        servletContext.addInitParameter(StateUtils.INIT_SECRET_KEY_CACHE, "false");
+        servletContext.addInitParameter(StateUtils.INIT_MAC_SECRET, AbstractStateUtilsTest.BASE64_KEY_SIZE_8);
         StateUtils.initSecret(servletContext);// should do nothing
 
     }

Modified: myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/StateUtilsBlowfish_ECBTest.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/StateUtilsBlowfish_ECBTest.java?rev=951801&r1=951800&r2=951801&view=diff
==============================================================================
--- myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/StateUtilsBlowfish_ECBTest.java (original)
+++ myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/StateUtilsBlowfish_ECBTest.java Sun Jun  6 02:08:58 2010
@@ -48,6 +48,8 @@ public class StateUtilsBlowfish_ECBTest 
         servletContext.addInitParameter(StateUtils.INIT_SECRET, BASE64_KEY_SIZE_16);
         servletContext.addInitParameter(StateUtils.INIT_ALGORITHM, "Blowfish");
         servletContext.addInitParameter(StateUtils.INIT_ALGORITHM_PARAM, "ECB/PKCS5Padding");
+        servletContext.addInitParameter(StateUtils.INIT_SECRET_KEY_CACHE, "false");
+        servletContext.addInitParameter(StateUtils.INIT_MAC_SECRET, AbstractStateUtilsTest.BASE64_KEY_SIZE_8);
         StateUtils.initSecret(servletContext);// should do nothing
 
     }

Modified: myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/StateUtilsDefaultTest.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/StateUtilsDefaultTest.java?rev=951801&r1=951800&r2=951801&view=diff
==============================================================================
--- myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/StateUtilsDefaultTest.java (original)
+++ myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/StateUtilsDefaultTest.java Sun Jun  6 02:08:58 2010
@@ -42,6 +42,8 @@ public class StateUtilsDefaultTest exten
         servletContext.addInitParameter(StateUtils.INIT_SECRET, BASE64_KEY_SIZE_8);
         servletContext.addInitParameter(StateUtils.INIT_ALGORITHM, StateUtils.DEFAULT_ALGORITHM);
         servletContext.addInitParameter(StateUtils.INIT_ALGORITHM_PARAM, StateUtils.DEFAULT_ALGORITHM_PARAMS);
+        servletContext.addInitParameter(StateUtils.INIT_SECRET_KEY_CACHE, "false");
+        servletContext.addInitParameter(StateUtils.INIT_MAC_SECRET, AbstractStateUtilsTest.BASE64_KEY_SIZE_8);
         StateUtils.initSecret(servletContext);// should do nothing
 
     }

Modified: myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/StateUtilsTripleDES_ECBTest.java
URL: http://svn.apache.org/viewvc/myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/StateUtilsTripleDES_ECBTest.java?rev=951801&r1=951800&r2=951801&view=diff
==============================================================================
--- myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/StateUtilsTripleDES_ECBTest.java (original)
+++ myfaces/shared/trunk/core/src/test/java/org/apache/myfaces/shared/util/StateUtilsTripleDES_ECBTest.java Sun Jun  6 02:08:58 2010
@@ -48,6 +48,8 @@ public class StateUtilsTripleDES_ECBTest
         servletContext.addInitParameter(StateUtils.INIT_SECRET, BASE64_KEY_SIZE_24);
         servletContext.addInitParameter(StateUtils.INIT_ALGORITHM, "DESede");
         servletContext.addInitParameter(StateUtils.INIT_ALGORITHM_PARAM, "ECB/PKCS5Padding");
+        servletContext.addInitParameter(StateUtils.INIT_SECRET_KEY_CACHE, "false");
+        servletContext.addInitParameter(StateUtils.INIT_MAC_SECRET, AbstractStateUtilsTest.BASE64_KEY_SIZE_8);
         StateUtils.initSecret(servletContext); // should do nothing
 
     }



Mime
View raw message