Timestamp:
2012-10-31T10:43:48+13:00 (11 years ago)
Author:
sjm84
Message:

Hopefully fixed the hashing algorithm so that it produces the same result on 32-bit and 64-bit machines

File:
1 edited

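--- a/main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/Authentication.java
+++ b/main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/Authentication.java
@@ -3,7 +3,5 @@
 import java.io.File;
 import java.io.Serializable;
-import java.io.UnsupportedEncodingException;
 import java.math.BigInteger;
-import java.security.MessageDigest;
 import java.sql.SQLException;
 import java.util.ArrayList;
@@ -13,17 +11,8 @@
 import java.util.regex.Pattern;
 
-import java.util.Properties;
-import javax.mail.Message;
-import javax.mail.MessagingException;
-import javax.mail.Session;
-import javax.mail.Transport;
-import javax.mail.PasswordAuthentication;
-import javax.mail.internet.AddressException;
-import javax.mail.internet.InternetAddress;
-import javax.mail.internet.MimeMessage;
-
 import net.tanesha.recaptcha.ReCaptchaImpl;
 import net.tanesha.recaptcha.ReCaptchaResponse;
 
+import org.apache.commons.codec.digest.DigestUtils;
 import org.greenstone.gsdl3.util.DerbyWrapper;
 import org.greenstone.gsdl3.util.GSXML;
@@ -40,5 +29,5 @@
     protected static final int PASSWORD_MIN_LENGTH = 3;
     protected static final int PASSWORD_MAX_LENGTH = 64;
-   
+
     //Error codes
     protected static final int NO_ERROR = 0;
@@ -628,5 +617,5 @@
         else if (op.equals(PERFORM_RETRIEVE_PASSWORD))
         {
-           
+
         }
         else if (op.equals(PERFORM_CHANGE_PASSWORD))
@@ -636,11 +625,11 @@
             String oldPassword = (String) paramMap.get("oldPassword");
             String newPassword = (String) paramMap.get("newPassword");
-            if (user_name==null || oldPassword==null || newPassword==null)
+            if (user_name == null || oldPassword == null || newPassword == null)
             {
                 GSXML.addError(this.doc, result, _errorMessageMap.get("missing compulsory parameters: username, oldPassword, or newPassword"));
                 return result;
             }
-           
-            String prevPassword = retrieveDataForUser(user_name, "password");                       
+
+            String prevPassword = retrieveDataForUser(user_name, "password");
             if (!hashPassword(oldPassword).equals(prevPassword))
             {
@@ -649,5 +638,5 @@
                 return result;
             }
-           
+
             //Check the given password
             int error;
@@ -657,9 +646,10 @@
                 return result;
             }
-           
+
             String chpa_groups = retrieveDataForUser(user_name, "groups");
             String chpa_comment = "password_changed_by_user";
             String info = this._derbyWrapper.modifyUserInfo(user_name, hashPassword(newPassword), chpa_groups, null, chpa_comment, null);
-            if(info != "succeed"){//see DerbyWrapper.modifyUserInfo
+            if (info != "succeed")
+            {//see DerbyWrapper.modifyUserInfo
                 GSXML.addError(this.doc, result, _errorMessageMap.get(info));
                 return result;
@@ -792,17 +782,5 @@
     public static String hashPassword(String password)
     {
-        String hashedPassword = null;
-        try
-        {
-            MessageDigest digest = MessageDigest.getInstance("SHA-1");
-            digest.reset();
-            hashedPassword = new String(digest.digest(password.getBytes("US-ASCII"))); // toHex after using ASCII charset will result in acceptable length of hex string
-            hashedPassword = toHex(hashedPassword); // this conversion is required to avoid the strange error of login failure on some legal password strings
-        }
-        catch (Exception ex)
-        {
-            ex.printStackTrace();
-        }
-        return hashedPassword;
+        return DigestUtils.sha1Hex(password);
     }
 
@@ -1091,14 +1069,16 @@
     }
 
-    // main() method - calls hashPassword() on any String argument, printing this to stdout
-    // This main() is invoked by gliserver.pl perl code to encrypt passwords identically to Java code.
-    public static void main(String[] args) {
-    if(args.length < 1) {
-        System.err.println("Usage: Authentication <string to encrypt>");
-        System.exit(-1);
-    }
-    // just hash the first argument
-    String hash = Authentication.hashPassword(args[0]);
-    System.out.println(hash);
-    }
+    // main() method - calls hashPassword() on any String argument, printing this to stdout
+    // This main() is invoked by gliserver.pl perl code to encrypt passwords identically to Java code.
+    public static void main(String[] args)
+    {
+        if (args.length < 1)
+        {
+            System.err.println("Usage: Authentication <string to encrypt>");
+            System.exit(-1);
+        }
+        // just hash the first argument
+        String hash = Authentication.hashPassword(args[0]);
+        System.out.println(hash);
+    }
 }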
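Review bot: `hashPassword` (new line 784) still stores passwords as a single unsalted SHA-1 digest, which is cheap to brute-force offline and gives identical passwords identical hashes if the user table ever leaks; a salted, iterated scheme such as PBKDF2 through the JDK's `SecretKeyFactory` would be the durable fix. The removed body passed the raw digest through `new String(...)` in the platform charset before `toHex`, so hashes already stored in Derby will presumably not match `DigestUtils.sha1Hex(password)`, and the `hashPassword(oldPassword).equals(prevPassword)` check at new line 634 would then reject existing users. A migration or verify-then-rehash path should accompany this change; `toHex` and the login path are outside the visible hunks, so this needs confirming against them. In the same section, `if (info != "succeed")` at new line 652 compares references rather than contents, and `if (!"succeed".equals(info))` is the safe form.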