From dc871ef6686de127f8013c456c59be18910ee04d Mon Sep 17 00:00:00 2001
From: ludovicp <ludovicp@localhost>
Date: Mon, 31 May 2010 09:15:16 +0000
Subject: [PATCH] Fix issue #4558. Change parsing of SSHA hashed password to provide backward interop with other servers like OpenLDAP

---
 opends/src/server/org/opends/server/extensions/SaltedSHA1PasswordStorageScheme.java |   23 +++++++++++++----------
 1 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/opends/src/server/org/opends/server/extensions/SaltedSHA1PasswordStorageScheme.java b/opends/src/server/org/opends/server/extensions/SaltedSHA1PasswordStorageScheme.java
index 18d63f2..e986365 100644
--- a/opends/src/server/org/opends/server/extensions/SaltedSHA1PasswordStorageScheme.java
+++ b/opends/src/server/org/opends/server/extensions/SaltedSHA1PasswordStorageScheme.java
@@ -22,7 +22,7 @@
  * CDDL HEADER END
  *
  *
- *      Copyright 2006-2008 Sun Microsystems, Inc.
+ *      Copyright 2006-2010 Sun Microsystems, Inc.
  */
 package org.opends.server.extensions;
 
@@ -82,6 +82,8 @@
    */
   private static final int NUM_SALT_BYTES = 8;
 
+  // The number of bytes SHA algorithm produces
+  private static final int SHA1_LENGTH = 20;
 
 
   // The message digest that will actually be used to generate the SHA-1 hashes.
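Review bot: The comment on the new `SHA1_LENGTH` constant is a `//` line that says "SHA algorithm", while the neighbouring `NUM_SALT_BYTES` appears to carry a block comment (its closing `*/` is visible at the top of this hunk). I would match that style and name the algorithm precisely, for example `/** The length in bytes of a SHA-1 digest; a stored value is split at this offset into digest and salt. */`. Since this commit stops using `NUM_SALT_BYTES` when parsing stored values, its own comment, which is outside this hunk, should presumably say that it now only sets the salt size for newly encoded passwords.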
@@ -268,17 +270,18 @@
                                  ByteSequence storedPassword)
   {
     // Base64-decode the stored value and take the last 8 bytes as the salt.
-    byte[] saltBytes = new byte[NUM_SALT_BYTES];
-    byte[] digestBytes;
+    byte[] saltBytes;
+    byte[] digestBytes = new byte[SHA1_LENGTH];
+    int saltLength = 0;
     try
     {
       byte[] decodedBytes = Base64.decode(storedPassword.toString());
 
-      int digestLength = decodedBytes.length - NUM_SALT_BYTES;
-      digestBytes = new byte[digestLength];
-      System.arraycopy(decodedBytes, 0, digestBytes, 0, digestLength);
-      System.arraycopy(decodedBytes, digestLength, saltBytes, 0,
-                       NUM_SALT_BYTES);
+      saltLength = decodedBytes.length - SHA1_LENGTH;
+      saltBytes = new byte[saltLength];
+      System.arraycopy(decodedBytes, 0, digestBytes, 0, SHA1_LENGTH);
+      System.arraycopy(decodedBytes, SHA1_LENGTH, saltBytes, 0,
+                       saltLength);
     }
     catch (Exception e)
     {
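Review bot: The new split has no explicit length check. `saltLength = decodedBytes.length - SHA1_LENGTH` goes negative for a decoded value shorter than 20 bytes, and that case is rejected only because `new byte[saltLength]` throws into the broad `catch (Exception e)`. A value of exactly 20 bytes is accepted with an empty salt, so the salted scheme would verify it as plain unsalted SHA-1. Unless empty salts are required for interop, I would reject both cases inside the `try` with `if (saltLength <= 0) throw new IllegalArgumentException("stored value too short for digest plus salt");`. The leading comment is also stale and could read `// Base64-decode the stored value: the first SHA1_LENGTH bytes are the digest, the remainder is the salt.` The catch body and the rest of the method are outside this hunk.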
@@ -296,10 +299,10 @@
 
     // Use the salt to generate a digest based on the provided plain-text value.
     int plainBytesLength = plaintextPassword.length();
-    byte[] plainPlusSalt = new byte[plainBytesLength + NUM_SALT_BYTES];
+    byte[] plainPlusSalt = new byte[plainBytesLength + saltLength];
     plaintextPassword.copyTo(plainPlusSalt);
     System.arraycopy(saltBytes, 0,plainPlusSalt, plainBytesLength,
-                     NUM_SALT_BYTES);
+                     saltLength);
 
     byte[] userDigestBytes;
 

--
Gitblit v1.10.0