<?xml version="1.0" encoding="UTF-8"?>
<passwd>
<!-- principals -->
<principal
name="alice"
class="openwfe.org.auth.BasicPrincipal"
password="+99-124-30-78+24+75-53-11-114-52-15+12-89-90+86+60"
>
<grant name="store.alpha" />
<grant name="launch.default" />
</principal>
<!-- grants -->
<grant
name="store.alpha"
codebase="file:./jars/openwfe-worklist-actions.jar"
>
<permission
name="Store.alpha"
class="openwfe.org.worklist.auth.StorePermission"
rights="read, write, delegate"
/>
</grant>
<grant
name="launch.default"
codebase="file:jars/openwfe-worklist-actions.jar"
>
<!--
This launch permission points to a static list of flows.
By modifying this launch-default.xml file, you can add or
remove flows for the users that have the launch.default grant.
-->
<permission
name="mainEngine::http://localhost:7079/launch-default.xml"
class="openwfe.org.worklist.auth.StorePermission"
/>
</grant>
</passwd>
I load the XML to a DataSet in C# and have routines to create/edit/remove users to the xml. I can also change the password, but How does openWFE generates the hashes stored on the XML.
What I want is, Generate a string like this "+99-124-30-78+24+75-53-11-114-52-15+12-89-90+86+60" from a password i have (EX: I want the has of the password "bummer").
Thanks for your replies.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
in the OpenWFE 'binary' release, under bin/ there is a script named genpass.bat (and another named genpass.sh), they generate the hashes for you. They are written in Java though.
Best regards,
John
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I'm sorry, I haven't written in C# for a long time and I haven't any windows box around, only Linux or Mac.
I would suggest that you write some test unit with one or two known samples. Once your method outputs the same password as found in the samples (for instance the 'admin/admin' found in OpenWFE out of the box), you will know your on the right track.
Best regards,
John
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi.
What procedure do I have to apply to "alice"'s MD5 (6384e2b2184bcbf58eccf10ca7a6563c) to obtain "+99-124-30-78+24+75-53-11-114-52-15+12-89-90+86+60"
the function toString returns this "+54+51+56+52+101+50+98+50+49+56+52+98+99+98+102+53+56+101+99+99+102+49+48+99+97+55+97+54+53+54+51+99"
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
in the links you gave me there is no function that generates the hash with the plus and minuses (+-)
the code that generates the password is this:
87 public static String digestPassword (String pass)
88 throws NoSuchAlgorithmException
89 {
90 java.security.MessageDigest digest = java.security.MessageDigest
91 .getInstance(DIGEST_ALGORITHM); //defined as MD5
92
93 digest.update(pass.getBytes());
94
95 return ByteUtils.toString(digest.digest());
96 }
pass.getBytes() returns an array of bytes (32), right?
ByteUtils.toString returns "+54+51+56+52+101+50+98+50+49+56+52+98+99+98+102+53+56+101+99+99+102+49+48+99+97+55+97+54+53+54+51+99", not "+99-124-30-78+24+75-53-11-114-52-15+12-89-90+86+60".
digest.digest() returns 6384e2b2184bcbf58eccf10ca7a6563c (the MD5 of alice)
I don't see in the code you linked how to generate the final hash
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
that doesn't add minuses (-) signs to the number. it just generates "+54+51+56+52+101+50+98+50+49+56+52+98+99+98+102+53+56+101+99+99+102+49+48+99+97+55+97+54+53+54+51+99"
just look at the code. no minus signs added.
Thanks.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I still don't get it. could you post java code or any language of the whole process?
1. hashing the md5
2. converting each character to bytes
3. turning it to a "+99-124-30-78+24+75-53-11-114-52-15+12-89-90+86+60"
Thanks.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The code doesn't output "-" by itself because Java (and C# IIRC) do output it, I have to output the "+" as the aforesaid languages will not output it (in natural language, we say for instance "five" and not "plus five", but we say "minus five").
I'm not your employee.
Best regards,
John
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
What I get from my code is a 32 bit hash. your code writes to the xml passwd.xml a 16 bit hash with + and - (my hash is only +). what do you do to turn it into a 16 bit hash. That's all I ewant to know (it's not in the sources you gave me)
Thanks.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I'm sure you only tried with "bummer", did you try with something else, something that includes "-" and that is the stock passwd.xml ?
It might be that your "bummer" only encodes to ++++++ stuff.
If your C# routine only returns ++++ stuff then maybe the MD5 output is different from Java to C# (kind of weird) or your implementation has an error.
Best regards,
John
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I've been trying with "alice" (so I can get a match if I get it right).
could you post the md5 output for "alice" from java (which should be 6384e2b2184bcbf58eccf10ca7a6563c).
I know that's not that. my routine is exactly the same in c# and java (the output, that is). what's the data passed to "ByteUtils.toString" (the digest.digest() result)? it should be alice's MD5.
The data passed to ByteUtils.toString() is an array of bytes. I don't know how you can obtain the same thing with C#. The digest methods provided with Java (at least in 2002 when I implemented that) worked that way (that's unfortunate).
Another thing you could do is modify OpenWFE to use a neat, standard MD5 like yours (C#'s). But that would be kind of long (especially if I have to explain everything).
I don't know your application settings, but I'm sure you could get along with one or two OpenWFE users and then virtual users in your C# application. Thus you would not need to tinker with the MD5 baroque transformations that OpenWFEja requires.
Best regards,
John
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Alice password returns "+99-124-30-78+24+75-53-11-114-52-15+12-89-90+86+60"
But... the same code in c# generates the output I was talking about ("+54+51+56+52+101+50+98+50+49+56+52+98+99+98+102+53+56+101+99+99+102+49+48+99+97+55+97+54+53+54+51+99")
Which means that java calculates a 16 bytes hash while c# generates a 32 bit one.
I'm gonna work on the java code and try to find a solution.
Thanks.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi.
I have this xml:
<?xml version="1.0" encoding="UTF-8"?>
<passwd>
<!-- principals -->
<principal
name="alice"
class="openwfe.org.auth.BasicPrincipal"
password="+99-124-30-78+24+75-53-11-114-52-15+12-89-90+86+60"
>
<grant name="store.alpha" />
<grant name="launch.default" />
</principal>
<!-- grants -->
<grant
name="store.alpha"
codebase="file:./jars/openwfe-worklist-actions.jar"
>
<permission
name="Store.alpha"
class="openwfe.org.worklist.auth.StorePermission"
rights="read, write, delegate"
/>
</grant>
<grant
name="launch.default"
codebase="file:jars/openwfe-worklist-actions.jar"
>
<!--
This launch permission points to a static list of flows.
By modifying this launch-default.xml file, you can add or
remove flows for the users that have the launch.default grant.
-->
<permission
name="mainEngine::http://localhost:7079/launch-default.xml"
class="openwfe.org.worklist.auth.StorePermission"
/>
</grant>
</passwd>
I load the XML to a DataSet in C# and have routines to create/edit/remove users to the xml. I can also change the password, but How does openWFE generates the hashes stored on the XML.
What I want is, Generate a string like this "+99-124-30-78+24+75-53-11-114-52-15+12-89-90+86+60" from a password i have (EX: I want the has of the password "bummer").
Thanks for your replies.
*(EX: I want the hash of the password "bummer").
Hi,
in the OpenWFE 'binary' release, under bin/ there is a script named genpass.bat (and another named genpass.sh), they generate the hashes for you. They are written in Java though.
Best regards,
John
But is there a way to do that in windows, or better yet, through C# code?
Thanks.
Hi,
in windows you can call the genpass.bat script.
Or you can study the code and re-implement it in C#.
http://openwfe.svn.sourceforge.net/viewvc/openwfe/trunk/openwfe/openwfe-applic/src/main/java/openwfe/org/auth/BasicLoginModule.java?view=markup
http://openwfe.svn.sourceforge.net/viewvc/openwfe/trunk/openwfe/openwfe-base/src/main/java/openwfe/org/base/ByteUtils.java?view=markup
Have a look too at OpenWFEru, it's the next OpenWFE. http://openwferu.rubyforge.org
Best regards,
John
87 public static String digestPassword (String pass)
88 throws NoSuchAlgorithmException
89 {
90 java.security.MessageDigest digest = java.security.MessageDigest
91 .getInstance(DIGEST_ALGORITHM);
92
93 digest.update(pass.getBytes());
94
95 return ByteUtils.toString(digest.digest());
96 }
how do I convert this?
this is what I converted. is it correct?
public static byte[] objectToByteArray (object o)
{
return objectsToByteArray(new Object[] { o });
}
public static byte[] objectsToByteArray (object[] objects)
{
byte[] os = new byte[100];
for (int i=0; i<objects.Length; i++)
{
if (objects[i] == null) continue;
os.SetValue(objects[i],i);
// encoder.writeObject(objects[i]);
// encoder.flush();
}
return os;
}
public static string toString (byte[] ba)
{
string sb = null;
for (int i=0; i<ba.Length; i++)
{
if (ba[i] >= 0) sb += "+";
sb += ba[i];
}
return sb.ToString();
}
public static int toByte (string s)
{
if (s[0] == '+') s = s.Substring(1);
return Convert.ToInt32(s);
}
public static byte[] fromString (string s)
{
byte[] os = new byte[100];
string currentByte = ""+s[0];
for (int i=1; i<s.Length; i++)
{
char c = s[i];
if (c == '+' || c == '-')
{
os.SetValue(toByte(currentByte),i);
currentByte = ""+c.ToString();
continue;
}
currentByte += c;
}
os.SetValue(toByte(currentByte),os.Length);
return os;
}
is this how I generate the string "+99-124-30-78+24+75-53-11-114-52-15+12-89-90+86+60" ?
string pass = getMd5Hash("testpass");
byte[] bpass = new byte[100];
for (int i=0;i<pass.Length;i++)
{
bpass[i]=Convert.ToByte(pass[i]);
}
MessageBox.Show(toString(bpass));
Thanks.
Hello,
I'm sorry, I haven't written in C# for a long time and I haven't any windows box around, only Linux or Mac.
I would suggest that you write some test unit with one or two known samples. Once your method outputs the same password as found in the samples (for instance the 'admin/admin' found in OpenWFE out of the box), you will know your on the right track.
Best regards,
John
Hi.
What procedure do I have to apply to "alice"'s MD5 (6384e2b2184bcbf58eccf10ca7a6563c) to obtain "+99-124-30-78+24+75-53-11-114-52-15+12-89-90+86+60"
the function toString returns this "+54+51+56+52+101+50+98+50+49+56+52+98+99+98+102+53+56+101+99+99+102+49+48+99+97+55+97+54+53+54+51+99"
Hi,
what procedure ? Well, the one used in the Java implementation I've given you a link to. It's useless to explain with words, when the code is here.
Best regards,
John
in the links you gave me there is no function that generates the hash with the plus and minuses (+-)
the code that generates the password is this:
87 public static String digestPassword (String pass)
88 throws NoSuchAlgorithmException
89 {
90 java.security.MessageDigest digest = java.security.MessageDigest
91 .getInstance(DIGEST_ALGORITHM); //defined as MD5
92
93 digest.update(pass.getBytes());
94
95 return ByteUtils.toString(digest.digest());
96 }
pass.getBytes() returns an array of bytes (32), right?
ByteUtils.toString returns "+54+51+56+52+101+50+98+50+49+56+52+98+99+98+102+53+56+101+99+99+102+49+48+99+97+55+97+54+53+54+51+99", not "+99-124-30-78+24+75-53-11-114-52-15+12-89-90+86+60".
digest.digest() returns 6384e2b2184bcbf58eccf10ca7a6563c (the MD5 of alice)
I don't see in the code you linked how to generate the final hash
~~~~nevermind. got it.
Thank you very much!!!
wait. ignore my previus post. I still don't get it. read the post from 2007-10-15 14:01
79 public static String toString (byte[] ba)
80 {
81 StringBuffer sb = new StringBuffer();
82
83 for (int i=0; i<ba.length; i++)
84 {
85 if (ba[i] >= 0) sb.append('+');
86 sb.append(ba[i]);
87 }
88
89 return sb.toString();
90 }
Hi.
that doesn't add minuses (-) signs to the number. it just generates "+54+51+56+52+101+50+98+50+49+56+52+98+99+98+102+53+56+101+99+99+102+49+48+99+97+55+97+54+53+54+51+99"
just look at the code. no minus signs added.
Thanks.
Integer i = new Integer(5);
System.out.println(i.toString();
will yield "5"
Integer i = new Integer(-5);
System.out.println(i.toString());
will yield "-5"
168 public static void main (String[] args)
169 {
170 if (args.length < 1)
171 {
172 System.out.println();
173 System.out.println("USAGE :");
174 System.out.println();
175 System.out.println("genpass password");
176 System.out.println();
177 System.out.print("will output the password, but hashed.");
178 System.out.println();
179 System.exit(0);
180 }
181
182 try
183 {
184 System.out.println(digestPassword(args[0]));
185 }
186 catch (Exception e)
187 {
188 e.printStackTrace();
189 }
190 }
I still don't get it. could you post java code or any language of the whole process?
1. hashing the md5
2. converting each character to bytes
3. turning it to a "+99-124-30-78+24+75-53-11-114-52-15+12-89-90+86+60"
Thanks.
http://www.catb.org/~esr/faqs/smart-questions.html#homework
The code doesn't output "-" by itself because Java (and C# IIRC) do output it, I have to output the "+" as the aforesaid languages will not output it (in natural language, we say for instance "five" and not "plus five", but we say "minus five").
I'm not your employee.
Best regards,
John
Ok.
What I get from my code is a 32 bit hash. your code writes to the xml passwd.xml a 16 bit hash with + and - (my hash is only +). what do you do to turn it into a 16 bit hash. That's all I ewant to know (it's not in the sources you gave me)
Thanks.
I'm sure you only tried with "bummer", did you try with something else, something that includes "-" and that is the stock passwd.xml ?
It might be that your "bummer" only encodes to ++++++ stuff.
If your C# routine only returns ++++ stuff then maybe the MD5 output is different from Java to C# (kind of weird) or your implementation has an error.
Best regards,
John
I've been trying with "alice" (so I can get a match if I get it right).
could you post the md5 output for "alice" from java (which should be 6384e2b2184bcbf58eccf10ca7a6563c).
I know that's not that. my routine is exactly the same in c# and java (the output, that is). what's the data passed to "ByteUtils.toString" (the digest.digest() result)? it should be alice's MD5.
87 public static String digestPassword (String pass)
88 throws NoSuchAlgorithmException
89 {
90 java.security.MessageDigest digest = java.security.MessageDigest
91 .getInstance(DIGEST_ALGORITHM);
92
93 digest.update(pass.getBytes());
94
95 return ByteUtils.toString(digest.digest());
96 }
Thanks.
The data passed to ByteUtils.toString() is an array of bytes. I don't know how you can obtain the same thing with C#. The digest methods provided with Java (at least in 2002 when I implemented that) worked that way (that's unfortunate).
Another thing you could do is modify OpenWFE to use a neat, standard MD5 like yours (C#'s). But that would be kind of long (especially if I have to explain everything).
I don't know your application settings, but I'm sure you could get along with one or two OpenWFE users and then virtual users in your C# application. Thus you would not need to tinker with the MD5 baroque transformations that OpenWFEja requires.
Best regards,
John
can java type byte be a negative value (EX: -20). In C# you can't assign a negative value to a byte number.
Thanks.
just discovered bytes in java a re -127 to 127 while in C# are from 0 to 255.
Well, I've just installed java and run a mod of your code and it works!
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;
import java.security.NoSuchAlgorithmException;
public class BasicLoginModule
{
public static String digestPassword (String pass)
throws NoSuchAlgorithmException
{
java.security.MessageDigest digest = java.security.MessageDigest
.getInstance("MD5");
digest.update(pass.getBytes());
return toString(digest.digest());
}
public static String toString (byte[] ba)
{
StringBuffer sb = new StringBuffer();
for (int i=0; i<ba.length; i++)
{
if (ba[i] >= 0) sb.append('+');
sb.append(ba[i]);
}
return sb.toString();
}
public static void main (String[] args)
{
if (args.length < 1)
{
System.out.println("vitor modificado");
System.out.println("USAGE :");
System.out.println();
System.out.println("genpass password");
System.out.println();
System.out.print("will output the password, but hashed.");
System.out.println();
System.exit(0);
}
try
{
System.out.println(digestPassword(args[0]));
}
catch (Exception e)
{
e.printStackTrace();
}
}
}
Alice password returns "+99-124-30-78+24+75-53-11-114-52-15+12-89-90+86+60"
But... the same code in c# generates the output I was talking about ("+54+51+56+52+101+50+98+50+49+56+52+98+99+98+102+53+56+101+99+99+102+49+48+99+97+55+97+54+53+54+51+99")
Which means that java calculates a 16 bytes hash while c# generates a 32 bit one.
I'm gonna work on the java code and try to find a solution.
Thanks.
Well done.
Best regards,
John