In BaseSecurityService.encryptPassword(), it first encrypts a password using
the scheme it is told to use (in my case SHA), it then calls the
commons.Base64 class to encode the results from the SHA encoding.
Previously, we were using another Base64 class in Turbine...I'm not sure
which one...
The old result of SHA+Old Turbine Base64 returned this string for the sha
encode/base64 of the String "1"...
NWoZK3kTsExUV00Ywo1G5jlU
Now, with the commons Base64, I get this:
NWoZK3kTsExUV00Ywo1G5jlUKKs=
As you can see, it has a few characters tacked onto the end of it.
So, is the bug in the old Base64 implementation or in the Common's base64
implementation?
-jon
P.s. Here is a little test program...
import java.io.*;
import java.lang.*;
import java.util.*;
import java.security.MessageDigest;
import org.apache.commons.util.Base64;
public class Test
{
public static void main(String args[])
{
try
{
String password = "1";
MessageDigest md = MessageDigest.getInstance("SHA");
// We need to use unicode here, to be independent of platform's
// default encoding. Thanks to SGawin for spotting this.
byte[] digest = md.digest(password.getBytes("UTF-8"));
// Base64-encode the digest.
byte[] encodedDigest = Base64.encode(digest);
System.out.println (encodedDigest == null ? null :
new String(encodedDigest));
}
catch (Exception e)
{
}
}
}
