On Fri, 6 Aug 2010, Stephen Kershaw wrote:
> I wouldn't stake my life on it but it does look like that snippet should
> generate ePTID if fed with the correct input.
>
> If you are using bash interactively then those exclamation marks may
> cause trouble as they get replaced with commands from bash history,
> depending on how they are quoted or escaped. That's bitten me recently,
> giving a few moments of confusion when a simple one-liner didn't work!
> If you are using bash, maybe try and see if things are any better if
> running a different shell or from a script.
It is a good point to mention; I always use traditional(ish) sh where
possible rather than bash for scripting, but yes the ! are already
escaped. I suspect the issue is to do with the function of getbytes, but
it is already getting too programy for my liking (I do not have the
mindset to be a half-decent programmer, just a 'tweaker'), and so Rod's
suggestion to use Java is probably the right way, but outwith my ken :).
I will probably end up using aacli for expediency right now.
Jethro.
>
> Cheers,
> Steve
>
> --
> Stephen Kershaw | Hornet Architecture, Authentication & Services Officer |
> STARS | IT Services | The University of Manchester
>
> -----Original Message-----
> From: Discussion list for Shibboleth developments
> [mailto:[log in to unmask]] On Behalf Of Jethro R Binks
> Sent: 06 August 2010 14:20
> To: [log in to unmask]
> Subject: Re: Replicating generation of ePTID in the shell
>
> On Fri, 6 Aug 2010, Rod Widdowson wrote:
>
> > Also - are you taking the width of the characters into account? I'd
> > need to spelunk through the code, but I'd bet that requester.getBytes()
> > returns 2 or 4 octets per character (or even 3 or 5 if it's using UTF8)
>
> Ah, that sounds very pertinent.
>
> Sounds like it's easier to go with Andy's method at this point :).
>
> Thanks Rod.
>
> Jethro.
>
>
> >
> > > -----Original Message-----
> > > From: Discussion list for Shibboleth developments [mailto:JISC-
> > > [log in to unmask]] On Behalf Of Rod Widdowson
> > > Sent: 06 August 2010 14:05
> > > To: [log in to unmask]
> > > Subject: Re: Replicating generation of ePTID in the shell
> > >
> > > > Is updating a digest the same as concatenating the input and then
> > > > digesting it? I'm no "maths of encryption expert" so I have no idea.
> > >
> > > > -----Original Message-----
> > > > From: Discussion list for Shibboleth developments [mailto:JISC-
> > > > [log in to unmask]] On Behalf Of Jethro R Binks
> > > > Sent: 06 August 2010 08:56
> > > > To: [log in to unmask]
> > > > Subject: Replicating generation of ePTID in the shell
> > > >
> > > > > To ease a migration of an internal system, I wanted to generate ePTIDs
> > > > > for some known user accounts from the Unix shell.
> > > > >
> > > > > I was a good boy and Used The Source, read the documentation, and came
> > > > > to the conclusion that this is what I wanted to do:
> > > > >
> > > > > /bin/echo -n "[log in to unmask]" | sha1 | base64 -e
> > > >
> > > > based on:
> > > >
> > > > > shibboleth-1.3.3-install/src/edu/internet2/middleware/shibboleth/aa/attrresolv/provider/PersistentIDAttributeDefinition.java
> > > >
> > > > > To wit:
> > > >
> > > > > // Hash the data together to produce the persistent ID.
> > > > > try {
> > > > >     MessageDigest md = MessageDigest.getInstance("SHA");
> > > > >     md.update(requester.getBytes());
> > > > >     md.update((byte) '!');
> > > > >     md.update(localId.getBytes());
> > > > >     md.update((byte) '!');
> > > > >     String result = new String(Base64.encode(md.digest(salt)));
> > > >
> > > > > Unfortunately, what my command line gives me doesn't match up with the
> > > > > ePTID the SP receives, given the same user, entityId, and salt.
> > > > >
> > > > > Have I done something daft, do I misunderstand how it works, or is there
> > > > > something darker afoot somewhere?
> > > >
> > > > Jethro.
> > > >
> > > > . . . . . . . . . . . . . . . . . . . . . . .
> > > .
> > > > .
> > > > Jethro R Binks, Computing Officer
> > > > Information Services, The University Of Strathclyde, Glasgow, UK
> > > >
> > > > The University of Strathclyde is a charitable body, registered in
> > > > Scotland, number SC015263.
> >
>
> . . . . . . . . . . . . . . . . . . . . . . . . .
> Jethro R Binks, Computing Officer
> Information Services, The University Of Strathclyde, Glasgow, UK
>
> The University of Strathclyde is a charitable body, registered in
> Scotland, number SC015263.
>
. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks, Computing Officer
Information Services, The University Of Strathclyde, Glasgow, UK
The University of Strathclyde is a charitable body, registered in
Scotland, number SC015263.
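
An added example, not part of the original thread or of the Shibboleth code: a POSIX shell rendering of the digest sequence quoted above (SHA-1 over requester, '!', localId, '!', salt, then base64 of the 20 raw digest bytes), next to two inputs that produce a different string. It assumes sha1sum and base64 are installed, that all three inputs are ASCII and that the salt is used as plain text; the function names and sample values are made up for illustration.

```shell
#!/bin/sh
# Added example. Inputs used here are constructed placeholders.

# hex2bin HEX: write the raw bytes for a hex string such as sha1sum prints.
hex2bin() {
    h=$1
    while [ -n "$h" ]; do
        rest=${h#??}
        pair=${h%"$rest"}
        # hex pair -> three-digit octal escape -> one output byte
        printf "\\$(printf '%03o' "0x$pair")"
        h=$rest
    done
}

# sha1_b64: SHA-1 of stdin, then base64 of the 20 raw digest bytes.
sha1_b64() {
    digest_hex=$(sha1sum | cut -d' ' -f1)
    hex2bin "$digest_hex" | base64
}

# eptid REQUESTER LOCALID SALT: one write per update()/digest() call in the
# quoted Java. printf '%s' emits the bytes with no trailing newline.
eptid() {
    {
        printf '%s' "$1"   # md.update(requester.getBytes())
        printf '!'         # md.update((byte) '!')
        printf '%s' "$2"   # md.update(localId.getBytes())
        printf '!'         # md.update((byte) '!')
        printf '%s' "$3"   # md.digest(salt) hashes the salt last
    } | sha1_b64
}

# The same bytes built as a single string before hashing.
eptid_concat() {
    printf '%s!%s!%s' "$1" "$2" "$3" | sha1_b64
}

# Mismatch to check for: base64 applied to the hex text of the digest
# instead of to the raw digest bytes.
eptid_hex_text() {
    printf '%s!%s!%s' "$1" "$2" "$3" | sha1sum | cut -d' ' -f1 | base64
}

# Constructed sample values, not real identifiers.
eptid 'https://sp.example.org/shibboleth' 'jbloggs' 'constructed-salt'
```

eptid and eptid_concat print the same 28-character value, because feeding a digest in pieces hashes the same byte stream as hashing the concatenation. eptid_hex_text prints 56 characters, and a trailing newline on the input (plain echo) changes the digest entirely.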