Hello all,
I just made a tiny patch (attached) that solves the issue described in
jira JAMES-334. The problem is just that james encodes the hash in
base64, while mysql and almost all other applications I know use hex
encoding.
This change would be fine for me, but it would be bad for existing
installations, as all existing hashes for all users in the user
repository would be unusable.
In order to avoid this I have thought of two different solutions:
1. To add an option in the userstore, where an administrator can specify
if he wants james to use bsae64 or hex encoding for hashes.
2. Create a script that can change all existing hashes from base64 to
hex encoding and forget base64 completely.
What would you choose? #1 is non intrusive as the default installation
option can be set to base64. #2 drops base64 completely and results in a
simpler auth mechanism.
--
Pavlos
Index: user-library/pom.xml
===================================================================
--- user-library/pom.xml (revision 1026865)
+++ user-library/pom.xml (working copy)
@@ -73,5 +73,12 @@
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ <version>20041127.091804</version>
+ <type>jar</type>
+ <scope>compile</scope>
+ </dependency>
</dependencies>
</project>
Index: user-library/src/main/java/org/apache/james/user/lib/util/DigestUtil.java
===================================================================
--- user-library/src/main/java/org/apache/james/user/lib/util/DigestUtil.java
(revision 1026865)
+++ user-library/src/main/java/org/apache/james/user/lib/util/DigestUtil.java
(working copy)
@@ -21,10 +21,10 @@
package org.apache.james.user.lib.util;
-import javax.mail.MessagingException;
import javax.mail.internet.MimeUtility;
-import java.io.ByteArrayOutputStream;
+import org.apache.commons.codec.binary.Hex;
+
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
@@ -151,19 +151,13 @@
throws NoSuchAlgorithmException {
MessageDigest md;
- ByteArrayOutputStream bos;
try {
md = MessageDigest.getInstance(algorithm);
byte[] digest = md.digest(pass.getBytes("iso-8859-1"));
- bos = new ByteArrayOutputStream();
- OutputStream encodedStream = MimeUtility.encode(bos, "base64");
- encodedStream.write(digest);
- return bos.toString("iso-8859-1");
+ return new String(Hex.encodeHex(digest));
} catch (IOException ioe) {
throw new RuntimeException("Fatal error: " + ioe);
- } catch (MessagingException me) {
- throw new RuntimeException("Fatal error: " + me);
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
