Details
-
Bug
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
master
-
None
-
None
Description
I was testing how to transfer user password hashes from the Cassandra user table to an external system but the hashes were too short when validating with a different SHA1 digest algorithm.
I have added a sample to illustrate the issue. There are two bytes missing on the hash compared to e.g. `com.google.common.hash.Hashing`.
The problem seems to be a missing `flush` or `close` on the `OutputStream` in `DigestUtil.java`.
https://github.com/apache/james-project/blob/ec7b50b82c5386aec6ee115a3b4c1b3018f7b4a8/server/data/data-library/src/main/java/org/apache/james/user/lib/util/DigestUtil.java#L146
Here the output from my tests:
james base4 : n7f+Eheu1EKwTA9eQ7XVp9Mo
hcode hex : 9fb7fe1217aed442b04c0f5e43b5d5a7d3287097
james hex : 9fb7fe1217aed442b04c0f5e43b5d5a7d328
james fix base64: n7f+Eheu1EKwTA9eQ7XVp9MocJc=
james fix hash : 9fb7fe1217aed442b04c0f5e43b5d5a7d3287097
The sample is transforming the stored password base64 to hex encoding and you can see the missing two bytes. The fix used `flush` on digesting a password.
https://gist.github.com/dthuering/67e804897d10330c24e62a1767139264
Maybe I miss something but it looks like a bug. It is not affecteing running instances but is a problem on mobing hashes to other systems.
Attachments
Issue Links
- links to