portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John McGloughlin <john...@mcgloughlingroup.com>
Subject Login passwordsMatch encryptPassword MessageDigest
Date Fri, 14 Nov 2003 08:22:23 GMT
I'm using an open ldap database for LDAPUserManagement.
The userPassword store in the ldap database is SHA.

I've *replaced* the Unix.crypt() method that's currently in
jetspeed-1.4/1.5 services/security/ldap/LDAPUserManagement with the
following:

-------
public String encryptPassword( String password )
          throws JetspeedSecurityException
{
......
// passwordsAlgorithm = SHA
MessageDigest md = MessageDigest.getInstance(passwordsAlgorithm);
byte[] digest = md.digest(password.getBytes("UTF-8"));
ByteArrayOutputStream bas = new ByteArrayOutputStream(digest.length +
digest.length / 3 + 1);
OutputStream encodedStream = MimeUtility.encode(bas, "base64");
encodedStream.write(digest);
return bas.toString();
}
--------

passwordsMatch() calls encryptPassword() and is returned an encrypted
string from the user suppliedPassword (gathered during the login process).

user.getPassword() is retrieved from the ldap database and substringed
to remove the passwordsSuffix {SHA}.

However, when suppliedPassword is encrypted during encryptPassword() the
return value is *truncated*. The result is that
user.getPassword.equal(encrypted) returns false failing the login process.

Here's the DEBUG:

ERROR LDAPUserManagement - DEBUG: passwordsMatch():
userPassword [from ldap]:         mr6iBOhZVdzyIoZkBjTMpT1qyf8=
encrypted [from encryptPassword]: mr6iBOhZVdzyIoZkBjTMpT1q
suppliedPassword :jetspeed

Any clues to my problem?

Thanx in advance,

johnmac


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org


Mime
View raw message