You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-user@james.apache.org by Oki DZ <ok...@pindad.com> on 2003/06/11 09:07:00 UTC
MimeUtility
Hi,
The hashed strings generated by the o.a.j.security.DigestUtil is not
compatible with the ones generated by MySQL.
okidz@okidz:~/java$ java org.apache.james.security.DigestUtil -alg SHA
test01
Hash is: wlp5xXkGunAns204AjDbkrvA
okidz@okidz:~/java$ gojames
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5547 to server version: 4.0.8-gamma-log
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> select sha('test01');
+------------------------------------------+
| sha('test01') |
+------------------------------------------+
| c25a79c57906ba7027b36d380230db92bbc0fd64 |
+------------------------------------------+
1 row in set (0.04 sec)
The same thing for the MD5.
I believe the problem lies on this line
OutputStream encodedStream = MimeUtility.encode(bos, "base64");
in method DigestUtil.digestString(String, String). The encoder is not
quite the same.
If I used the org.apache.catalina.util.MD5Encoder, the output were the
same. I had changed the code a bit, to:
MD5Encoder encoder;
String encoded;
md = MessageDigest.getInstance(algorithm);
byte[] digest = md.digest(pass.getBytes("iso-8859-1"));
encoder = new MD5Encoder();
encoded = encoder.encode(digest);
then the value of encoded and the output by "select md5('test01');" in
MySQL would be the same. As it would by the md5sum command line.
I think it would be great if the <user-store> element in the config.xml
file had a subelement that defines the DigestUtil used; so that
different encoders could be used without having to edit the james.jar.
Oki
---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org