On Wed, May 8, 2013 at 8:34 AM, Tania Marinova <[email protected]> wrote:
> Yes, the null pointer exception is in these rows:
>
> if((pwcb.getIdentifier().equals("bob")) &&
> (passwordforchecking.equals(pasandsalt[0])) )
>
>
> and
>
> passwordforchecking =
> hash(pwcb.getPassword(),Base64.decodeBase64(pasandsalt[1]));
>
>
>
>
> But the problem that drives me really mad is that I'm sure that I extract
> the password and salt from the database, because I have tested
> getdataforchecking in a Java application and everything is fine.
> So I really don't know what to do.
>
> And I should only use Eclipse and Axis2.
>
> -----------------------------------
> I've made some changes to my Passwordcallback class, so here is my code again:
>
> public void handle(Callback[] callbacks) throws IOException,
>         UnsupportedCallbackException
> {
>     for (int i = 0; i < callbacks.length; i++)
>     {
>         WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
>         try {
>             pasandsalt = getdataforChecking();
>         } catch (ClassNotFoundException e1) {
>             // TODO Auto-generated catch block
>             e1.printStackTrace();
>         }
>
>         try {
>             passwordforchecking =
>                 hash(pwcb.getPassword(),Base64.decodeBase64(pasandsalt[1]));
>         } catch (Exception e) {
>             // TODO Auto-generated catch block
>             e.printStackTrace();
>         }
>
>         if((pwcb.getIdentifier().equals("bob")) &&
>             (passwordforchecking.equals(pasandsalt[0])) )
>         {
>             return;
>         }
>     }
> }
>
> private static String hash(String password, byte[] salt) throws Exception
> {
>     SecretKeyFactory f =
>         SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
>     KeySpec spec = new PBEKeySpec(password.toCharArray(), salt,
>         65536, 256);
>     return Base64.encodeBase64String(f.generateSecret(spec).getEncoded());
> }

As I mentioned, you are doing this the hard way. And having the salt as
a db column makes a hacker's job significantly easier as they can use it
with a rainbow table. Anyways, you need to test for null like so:

    private static String hash(String password, byte[] salt) throws Exception
    {
        if (salt == null) {
            throw new Exception("salt is null");
        }
        SecretKeyFactory f =
            SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        if (f == null) {
            throw new Exception("instance of SecretKeyFactory is null");
        }
        if (password == null || password.toCharArray() == null) {
            throw new Exception("password is null");
        }
        KeySpec spec = new PBEKeySpec(password.toCharArray(), salt,
            65536, 256);
        if (spec == null) {
            throw new Exception("KeySpec is null");
        }
        if (f.generateSecret(spec).getEncoded() == null) {
            throw new Exception("encoding is null");
        }
        System.out.println("returning with encoded String");
        return Base64.encodeBase64String(f.generateSecret(spec).getEncoded());
    }

- R