
SEC-2122: Fix broken integration tests.

Modified BCryptPasswordEncoder to no longer throw an
IllegalArgumentException when the encoded password is empty or
is not in the bcrypt format. Instead it now logs a warning
that non-bcrypt data was found and returns false.

The Dms integration tests were failing after being changed to
use bcrypt and this fixes the issue.
Luke Taylor 12 年 前
743960d2d8

+ 7 - 2
crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java

@@ -17,6 +17,8 @@ package org.springframework.security.crypto.bcrypt;
 
 import java.security.SecureRandom;
 import java.util.regex.Pattern;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 
 import org.springframework.security.crypto.password.PasswordEncoder;
 
@@ -30,6 +32,7 @@ import org.springframework.security.crypto.password.PasswordEncoder;
  */
 public class BCryptPasswordEncoder implements PasswordEncoder {
     private Pattern BCRYPT_PATTERN = Pattern.compile("\\A\\$2a?\\$\\d\\d\\$[./0-9A-Za-z]{53}");
+    private final Log logger = LogFactory.getLog(getClass());
 
     private final int strength;
 
@@ -74,11 +77,13 @@ public class BCryptPasswordEncoder implements PasswordEncoder {
 
     public boolean matches(CharSequence rawPassword, String encodedPassword) {
         if (encodedPassword == null || encodedPassword.length() == 0) {
-            throw new IllegalArgumentException("Encoded password cannot be null or empty");
+            logger.warn("Empty encoded password");
+            return false;
         }
 
         if (!BCRYPT_PATTERN.matcher(encodedPassword).matches()) {
-            throw new IllegalArgumentException("Encoded password does not look like BCrypt");
+            logger.warn("Encoded password does not look like BCrypt");
+            return false;
         }
 
         return BCrypt.checkpw(rawPassword.toString(), encodedPassword);
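Review bot: The new fail-closed contract of `matches` is undocumented — there is no Javadoc above the signature at the top of this hunk, and callers that previously caught `IllegalArgumentException` for a malformed stored hash will now get a plain `false` instead. I would add above `public boolean matches(CharSequence rawPassword, String encodedPassword)`: `/** Returns {@code false} and logs a warning when {@code encodedPassword} is null, empty or does not look like a BCrypt hash; the bcrypt comparison is only run for well-formed values. */`. Note also that both early returns are orders of magnitude cheaper than `BCrypt.checkpw`, so an account whose stored value is empty or malformed is presumably distinguishable by response time from one with a valid hash — whether that matters depends on timing mitigations in the caller, which are not visible here. The warnings correctly omit the encoded value itself; it should stay out of the log, since a stored hash is sensitive data.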

+ 6 - 13
crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoderTests.java

@@ -66,27 +66,20 @@ public class BCryptPasswordEncoderTests {
         assertTrue(encoder.matches("password", result));
     }
 
-    @Test(expected = IllegalArgumentException.class)
-    public void barfsOnNullEncodedValue() {
+    @Test
+    public void doesntMatchNullEncodedValue() {
         BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
         assertFalse(encoder.matches("password", null));
     }
 
-    @Test(expected = IllegalArgumentException.class)
-    public void barfsOnEmptyEncodedValue() {
+    @Test
+    public void doesntMatchEmptyEncodedValue() {
         BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
         assertFalse(encoder.matches("password", ""));
     }
 
-    @Test(expected = IllegalArgumentException.class)
-    public void barfsOnShortEncodedValue() {
-        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
-        String result = encoder.encode("password");
-        assertFalse(encoder.matches("password", result.substring(0, 4)));
-    }
-
-    @Test(expected = IllegalArgumentException.class)
-    public void barfsOnBogusEncodedValue() {
+    @Test
+    public void doesntMatchBogusEncodedValue() {
         BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
         assertFalse(encoder.matches("password", "012345678901234567890123456789"));
     }
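Review bot: `barfsOnShortEncodedValue` was deleted rather than converted, so a truncated hash (`result.substring(0, 4)`, i.e. a value that passes the empty check and starts with a valid `$2a$` prefix but fails the length requirement) is no longer covered by any test in this file. That case exercises a different branch of the pattern check than `doesntMatchBogusEncodedValue`, whose input has no bcrypt prefix at all, so it is worth keeping as a rejection test under the new contract. I would re-add it alongside the other `doesntMatch*` tests as follows.
```java
    @Test
    public void doesntMatchShortEncodedValue() {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        String result = encoder.encode("password");
        assertFalse(encoder.matches("password", result.substring(0, 4)));
    }
```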