Testing password lenbth to be between 16 and 20 bytes, charge point name to be string rather than byte[]

Author: dmitryb-asg

OCPP-J/src/main/java/eu/chargetime/ocpp/WebSocketListener.java

@@ -50,7 +50,8 @@ public class WebSocketListener implements Listener {
 
   private static final int TIMEOUT_IN_MILLIS = 10000;
 
-  private static final int OCPPJ_CP_PASSWORD_LENGTH = 20;
+  private static final int OCPPJ_CP_MIN_PASSWORD_LENGTH = 16;
+  private static final int OCPPJ_CP_MAX_PASSWORD_LENGTH = 20;
 
   private final ISessionFactory sessionFactory;
   private final List<Draft> drafts;
@@ -124,7 +125,8 @@ public ServerHandshakeBuilder onWebsocketHandshakeReceivedAsServer(WebSocket web
                             .InternetAddress(webSocket.getRemoteSocketAddress())
                             .build();
 
-            byte[] username = null, password = null;
+            String username = null;
+            byte[] password = null;
             if (clientHandshake.hasFieldValue("Authorization")) {
               String authorization = clientHandshake.getFieldValue("Authorization");
               if (authorization != null && authorization.toLowerCase().startsWith("basic")) {
@@ -134,15 +136,16 @@ public ServerHandshakeBuilder onWebsocketHandshakeReceivedAsServer(WebSocket web
                 // split credentials on username and password
                 for (int i = 0; i < credDecoded.length; i++) {
                   if (credDecoded[i] == ':') {
-                    username = Arrays.copyOfRange(credDecoded, 0, i);
+                    username = new String(Arrays.copyOfRange(credDecoded, 0, i), StandardCharsets.UTF_8);
                     if (i != credDecoded.length - 1) {
                       password = Arrays.copyOfRange(credDecoded, i + 1, credDecoded.length);
                     }
                     break;
                   }
                 }
               }
-              if (password == null || password.length != OCPPJ_CP_PASSWORD_LENGTH) throw new InvalidDataException(401, "Invalid password length");
+              if (password == null || password.length < OCPPJ_CP_MIN_PASSWORD_LENGTH || password.length > OCPPJ_CP_MAX_PASSWORD_LENGTH)
+                throw new InvalidDataException(401, "Invalid password length");
             }
 
             try {

ocpp-common/src/main/java/eu/chargetime/ocpp/ListenerEvents.java

@@ -28,6 +28,6 @@ of this software and associated documentation files (the "Software"), to deal
 import eu.chargetime.ocpp.model.SessionInformation;
 
 public interface ListenerEvents {
-  void authenticateSession(SessionInformation information, byte[] username, byte[] password) throws AuthenticationException;
+  void authenticateSession(SessionInformation information, String username, byte[] password) throws AuthenticationException;
   void newSession(ISession session, SessionInformation information);
 }

ocpp-common/src/main/java/eu/chargetime/ocpp/Server.java

@@ -83,7 +83,7 @@ public void open(String hostname, int port, ServerEvents serverEvents) {
         new ListenerEvents() {
 
           @Override
-          public void authenticateSession(SessionInformation information, byte[] username, byte[] password) throws AuthenticationException {
+          public void authenticateSession(SessionInformation information, String username, byte[] password) throws AuthenticationException {
             serverEvents.authenticateSession(information, username, password);
           }
 

ocpp-common/src/main/java/eu/chargetime/ocpp/ServerEvents.java

@@ -29,7 +29,7 @@ of this software and associated documentation files (the "Software"), to deal
 import java.util.UUID;
 
 public interface ServerEvents {
-  default void authenticateSession(SessionInformation information, byte[] username, byte[] password) throws AuthenticationException {}
+  default void authenticateSession(SessionInformation information, String username, byte[] password) throws AuthenticationException {}
 
   void newSession(UUID sessionIndex, SessionInformation information);