On Fri, 6 Aug 2010, Rod Widdowson wrote:
> Also - are you taking the width of the characters into account? I'd
> need to spelunk through the code, but I'd bet that requester.getBytes()
> returns 2 or 4 octets per character (or even 3 or 5 if it's using UTF8)
Ah, that sounds very pertinent.
Sounds like it's easier to go with Andy's method at this point :).
Thanks Rod.
Jethro.
>
> > -----Original Message-----
> > From: Discussion list for Shibboleth developments [mailto:JISC-
> > [log in to unmask]] On Behalf Of Rod Widdowson
> > Sent: 06 August 2010 14:05
> > To: [log in to unmask]
> > Subject: Re: Replicating generation of ePTID in the shell
> >
> > Is updating a digest the same as concatenating the input and then digesting
> > it? I'm no "maths of encryption expert" so I have no idea.
> >
> > > -----Original Message-----
> > > From: Discussion list for Shibboleth developments [mailto:JISC-
> > > [log in to unmask]] On Behalf Of Jethro R Binks
> > > Sent: 06 August 2010 08:56
> > > To: [log in to unmask]
> > > Subject: Replicating generation of ePTID in the shell
> > >
> > > To ease a migration of an internal system, I wanted to generate ePTIDs for
> > > some known user accounts from the Unix shell.
> > >
> > > I was a good boy and Used The Source, read the documentation, and came to
> > > the conclusion that this is what I wanted to do:
> > >
> > > /bin/echo -n "[log in to unmask]" | sha1 | base64 -e
> > >
> > > based on:
> > >
> > > shibboleth-1.3.3-install/src/edu/internet2/middleware/shibboleth/aa/attrresolv/provider/PersistentIDAttributeDefinition.java
> > >
> > > To wit:
> > >
> > > // Hash the data together to produce the persistent ID.
> > > try {
> > >     MessageDigest md = MessageDigest.getInstance("SHA");
> > >     md.update(requester.getBytes());
> > >     md.update((byte) '!');
> > >     md.update(localId.getBytes());
> > >     md.update((byte) '!');
> > >     String result = new String(Base64.encode(md.digest(salt)));
> > >
> > > Unfortunately, what my command line gives me doesn't match up with the
> > > ePTID the SP receives, given the same user, entityId, and salt.
> > >
> > > Have I done something daft, do I misunderstand how it works, or is there
> > > something darker afoot somewhere?
> > >
> > > Jethro.
> > >
> > > . . . . . . . . . . . . . . . . . . . . . . . . .
> > > Jethro R Binks, Computing Officer
> > > Information Services, The University Of Strathclyde, Glasgow, UK
> > >
> > > The University of Strathclyde is a charitable body, registered in
> > > Scotland, number SC015263.
>
. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks, Computing Officer
Information Services, The University Of Strathclyde, Glasgow, UK
The University of Strathclyde is a charitable body, registered in
Scotland, number SC015263.
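
Added example, not part of the original thread or the Shibboleth source: a Python sketch that mirrors the quoted Java update sequence, so that the questions raised above (update versus concatenation, character encoding, raw digest bytes versus printed hex) can be checked side by side. The requester, local ID and salt are constructed sample values; the UTF-8 charset and the standard padded Base64 alphabet are assumptions, since `getBytes()` uses the JVM's platform default charset and the thread does not say which `Base64` class is in use.

```python
import base64
import hashlib


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def eptid(requester: str, local_id: str, salt: bytes, charset: str = "utf-8") -> str:
    """Mirror the quoted Java: update(requester), '!', update(localId), '!', digest(salt)."""
    md = hashlib.sha1()
    md.update(requester.encode(charset))  # charset is an assumption (see lead-in)
    md.update(b"!")
    md.update(local_id.encode(charset))
    md.update(b"!")
    md.update(salt)  # Java's md.digest(salt) is a final update(salt), then digest()
    return _b64(md.digest())


def eptid_concatenated(requester: str, local_id: str, salt: bytes,
                       charset: str = "utf-8") -> str:
    """Same fields hashed as one buffer, which is what a shell pipeline feeds a digest tool."""
    data = requester.encode(charset) + b"!" + local_id.encode(charset) + b"!" + salt
    return _b64(hashlib.sha1(data).digest())


def eptid_from_hex_text(requester: str, local_id: str, salt: bytes,
                        charset: str = "utf-8") -> str:
    """Pitfall: Base64 over the 40 hex characters a digest tool prints, not the 20 raw bytes."""
    data = requester.encode(charset) + b"!" + local_id.encode(charset) + b"!" + salt
    return _b64(hashlib.sha1(data).hexdigest().encode("ascii"))


# Constructed sample values, not taken from the thread.
REQUESTER = "https://sp.example.org/shibboleth"
LOCAL_ID = "jbloggs"
SALT = b"constructed-salt-not-a-real-secret"

if __name__ == "__main__":
    print("incremental updates :", eptid(REQUESTER, LOCAL_ID, SALT))
    print("single concatenation:", eptid_concatenated(REQUESTER, LOCAL_ID, SALT))
    print("UTF-16BE encoding   :", eptid(REQUESTER, LOCAL_ID, SALT, "utf-16-be"))
    print("base64 of hex text  :", eptid_from_hex_text(REQUESTER, LOCAL_ID, SALT))
```

The first two lines of output are identical; the last two differ from them, which are the two mismatches to rule out when a shell-generated value does not match what the SP receives.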