Also - are you taking the width of the characters into account? I'd need to
spelunk through the code, but I'd bet that requester.getBytes() returns 2 or
4 octets per character (or even 3 or 5 it it's using UTF8)
> -----Original Message-----
> From: Discussion list for Shibboleth developments [mailto:JISC-
> [log in to unmask]] On Behalf Of Rod Widdowson
> Sent: 06 August 2010 14:05
> To: [log in to unmask]
> Subject: Re: Replicating generation of ePTID in the shell
>
> Is updating a digest the same as concatenating the input and then
> digesting
> it? I'm no "maths of encryption expert" so I have no idea.
>
> > -----Original Message-----
> > From: Discussion list for Shibboleth developments [mailto:JISC-
> > [log in to unmask]] On Behalf Of Jethro R Binks
> > Sent: 06 August 2010 08:56
> > To: [log in to unmask]
> > Subject: Replicating generation of ePTID in the shell
> >
> > To ease a migration of an internal system, I wanted to generate
> ePTIDs
> > for
> > some known user accounts from the Unix shell.
> >
> > I was a good boy and Used The Source, read the documentation, and
> came
> > to
> > the conclusion that this is what I wanted to do:
> >
> > /bin/echo -n "[log in to unmask]" | sha1 |
> > base64 -e
> >
> > based on:
> >
> > shibboleth-1.3.3-
> >
> install/src/edu/internet2/middleware/shibboleth/aa/attrresolv/provider/
> > PersistentIDAttributeDefinition.java
> >
> > To whit:
> >
> > // Hash the data together to produce the persistent
> ID.
> > try {
> > MessageDigest md =
> > MessageDigest.getInstance("SHA");
> > md.update(requester.getBytes());
> > md.update((byte) '!');
> > md.update(localId.getBytes());
> > md.update((byte) '!');
> > String result = new
> > String(Base64.encode(md.digest(salt)));
> >
> > Unfortunately, what my command line gives me doesn't match up with
> the
> > ePTID the SP receives, given the same user, entityId, and salt.
> >
> > Have I done something daft, do I misunderstand how it works, or is
> > there
> > something darker afoot somewhere?
> >
> > Jethro.
> >
> > . . . . . . . . . . . . . . . . . . . . . . .
> .
> > .
> > Jethro R Binks, Computing Officer
> > Information Services, The University Of Strathclyde, Glasgow, UK
> >
> > The University of Strathclyde is a charitable body, registered in
> > Scotland, number SC015263.
|