You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by ka...@apache.org on 2010/10/27 13:59:52 UTC
svn commit: r1027928 -
/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java
Author: kayyagari
Date: Wed Oct 27 11:59:51 2010
New Revision: 1027928
URL: http://svn.apache.org/viewvc?rev=1027928&view=rev
Log:
o fixed a bug in creating a string representation of a hashed password using CRYPT algorithm
Modified:
directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java?rev=1027928&r1=1027927&r2=1027928&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authn/PasswordUtil.java Wed Oct 27 11:59:51 2010
@@ -31,6 +31,7 @@ import java.util.Date;
import java.util.Iterator;
import java.util.List;
+import org.apache.directory.server.core.PasswordPolicyConfiguration;
import org.apache.directory.shared.ldap.constants.LdapSecurityConstants;
import org.apache.directory.shared.ldap.entry.EntryAttribute;
import org.apache.directory.shared.ldap.entry.Value;
@@ -143,7 +144,14 @@ public class PasswordUtil
break;
case HASH_METHOD_CRYPT:
- salt = null; // we calculate this salt in encryptPassword() method
+ salt = new byte[2];
+ SecureRandom sr = new SecureRandom();
+ int i1 = sr.nextInt( 64 );
+ int i2 = sr.nextInt( 64 );
+
+ salt[0] = ( byte ) ( i1 < 12 ? ( i1 + '.' ) : i1 < 38 ? ( i1 + 'A' - 12 ) : ( i1 + 'a' - 38 ) );
+ salt[1] = ( byte ) ( i2 < 12 ? ( i2 + '.' ) : i2 < 38 ? ( i2 + 'A' - 12 ) : ( i2 + 'a' - 38 ) );
+ break;
default:
salt = null;
@@ -285,17 +293,6 @@ public class PasswordUtil
return digest( LdapSecurityConstants.HASH_METHOD_MD5, credentials, salt );
case HASH_METHOD_CRYPT:
- if ( salt == null )
- {
- salt = new byte[2];
- SecureRandom sr = new SecureRandom();
- int i1 = sr.nextInt( 64 );
- int i2 = sr.nextInt( 64 );
-
- salt[0] = ( byte ) ( i1 < 12 ? ( i1 + '.' ) : i1 < 38 ? ( i1 + 'A' - 12 ) : ( i1 + 'a' - 38 ) );
- salt[1] = ( byte ) ( i2 < 12 ? ( i2 + '.' ) : i2 < 38 ? ( i2 + 'A' - 12 ) : ( i2 + 'a' - 38 ) );
- }
-
String saltWithCrypted = UnixCrypt.crypt( StringTools.utf8ToString( credentials ), StringTools
.utf8ToString( salt ) );
String crypted = saltWithCrypted.substring( 2 );