Jethro
I wouldn't stake my life on it but it does look like that snippet should
generate ePTID if fed with the correct input.
If you are using bash interactively then those exclamation marks may cause
trouble as they get replaced with commands from bash history, depending on
how they are quoted or escaped. That's bitten me recently, giving a few
moments of confusion when a simple one-liner didn't work! If you are using
bash, maybe try and see if things are any better if running a different shell
or from a script.
Cheers,
Steve
--
Stephen Kershaw | Hornet Architecture, Authentication & Services Officer |
STARS | IT Services | The University of Manchester
-----Original Message-----
From: Discussion list for Shibboleth developments
[mailto:[log in to unmask]] On Behalf Of Jethro R Binks
Sent: 06 August 2010 14:20
To: [log in to unmask]
Subject: Re: Replicating generation of ePTID in the shell
On Fri, 6 Aug 2010, Rod Widdowson wrote:
> Also - are you taking the width of the characters into account? I'd
> need to spelunk through the code, but I'd bet that requester.getBytes()
> returns 2 or 4 octets per character (or even 3 or 5 if it's using UTF8)
Ah, that sounds very pertinent.
Sounds like it's easier to go with Andy's method at this point :).
Thanks Rod.
Jethro.
>
> > -----Original Message-----
> > From: Discussion list for Shibboleth developments [mailto:JISC-
> > [log in to unmask]] On Behalf Of Rod Widdowson
> > Sent: 06 August 2010 14:05
> > To: [log in to unmask]
> > Subject: Re: Replicating generation of ePTID in the shell
> >
> > Is updating a digest the same as concatenating the input and then digesting
> > it? I'm no "maths of encryption expert" so I have no idea.
> >
> > > -----Original Message-----
> > > From: Discussion list for Shibboleth developments [mailto:JISC-
> > > [log in to unmask]] On Behalf Of Jethro R Binks
> > > Sent: 06 August 2010 08:56
> > > To: [log in to unmask]
> > > Subject: Replicating generation of ePTID in the shell
> > >
> > > To ease a migration of an internal system, I wanted to generate ePTIDs for
> > > some known user accounts from the Unix shell.
> > >
> > > I was a good boy and Used The Source, read the documentation, and came to
> > > the conclusion that this is what I wanted to do:
> > >
> > > /bin/echo -n "[log in to unmask]" | sha1 | base64 -e
> > >
> > > based on:
> > >
> > > shibboleth-1.3.3-install/src/edu/internet2/middleware/shibboleth/aa/attrresolv/provider/PersistentIDAttributeDefinition.java
> > >
> > > To wit:
> > >
> > > // Hash the data together to produce the persistent ID.
> > > try {
> > >     MessageDigest md = MessageDigest.getInstance("SHA");
> > >     md.update(requester.getBytes());
> > >     md.update((byte) '!');
> > >     md.update(localId.getBytes());
> > >     md.update((byte) '!');
> > >     String result = new String(Base64.encode(md.digest(salt)));
> > >
> > > Unfortunately, what my command line gives me doesn't match up with the
> > > ePTID the SP receives, given the same user, entityId, and salt.
> > >
> > > Have I done something daft, do I misunderstand how it works, or is there
> > > something darker afoot somewhere?
> > >
> > > Jethro.
> > >
> > > . . . . . . . . . . . . . . . . . . . . . . . . .
> > > Jethro R Binks, Computing Officer
> > > Information Services, The University Of Strathclyde, Glasgow, UK
> > >
> > > The University of Strathclyde is a charitable body, registered in
> > > Scotland, number SC015263.
>
. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks, Computing Officer
Information Services, The University Of Strathclyde, Glasgow, UK
The University of Strathclyde is a charitable body, registered in
Scotland, number SC015263.
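
Added example, not part of the thread and not Shibboleth's own code: a Python sketch of the hashing step quoted above, showing that successive update() calls equal hashing one concatenated buffer, that base64 of a hash tool's hex output differs from base64 of the raw digest, and that the byte encoding changes the result. The requester, local ID and salt are constructed sample values, and UTF-8 as the getBytes() encoding is an assumption (Java uses the platform default charset).

```python
import base64
import hashlib

# Constructed sample inputs (assumptions, not values from the thread).
REQUESTER = "https://sp.example.org/shibboleth"
LOCAL_ID = "jdoe"
SALT = b"constructed-salt-not-a-real-secret"


def eptid_incremental(requester, local_id, salt, encoding="utf-8"):
    """Mirror the quoted Java: update() calls, then digest(salt)."""
    md = hashlib.sha1()                    # Java's "SHA" is SHA-1
    md.update(requester.encode(encoding))  # requester.getBytes()
    md.update(b"!")
    md.update(local_id.encode(encoding))   # localId.getBytes()
    md.update(b"!")
    md.update(salt)                        # digest(salt): final update, then digest
    return base64.b64encode(md.digest()).decode("ascii")


def eptid_concatenated(requester, local_id, salt, encoding="utf-8"):
    """Hash a single concatenated buffer; must equal the incremental form."""
    data = (requester.encode(encoding) + b"!" +
            local_id.encode(encoding) + b"!" + salt)
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def hex_then_base64(requester, local_id, salt, encoding="utf-8"):
    """What a pipeline yields when the hash tool prints hex text plus a
    newline and base64 then encodes that text instead of the raw digest."""
    data = (requester.encode(encoding) + b"!" +
            local_id.encode(encoding) + b"!" + salt)
    hex_text = hashlib.sha1(data).hexdigest() + "\n"
    return base64.b64encode(hex_text.encode("ascii")).decode("ascii")


if __name__ == "__main__":
    print("incremental  :", eptid_incremental(REQUESTER, LOCAL_ID, SALT))
    print("concatenated :", eptid_concatenated(REQUESTER, LOCAL_ID, SALT))
    print("hex->base64  :", hex_then_base64(REQUESTER, LOCAL_ID, SALT))
    print("utf-16-be    :",
          eptid_incremental(REQUESTER, LOCAL_ID, SALT, "utf-16-be"))
```

A correct value is 28 base64 characters (20 raw digest bytes); a 56-character result means the hex text was encoded rather than the digest itself.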