1 Reply Latest reply on Dec 20, 2011 2:16 PM by Humberto Ferreira da Luz Jr.

    SHA-256 + Base64 encoding

    Humberto Ferreira da Luz Jr. Novice

      I configured my standalone.xml like that:

       

      <security-domain name="portalRealm">
      <authentication>
      <module-option name="hashAlgorithm" value="SHA-256"/>
      <module-option name="hashEncoding" value="base64"/>
      </login-module>
      </authentication>
      </security-domain>
      </security-domains>
      

       

      I updated the password in the database using the value that I got from http://insidepro.com/hashes.php?lang=eng#2.

       

      It worked perfectly, I authenticated correctly with JAAS, but now I need to update the password with SHA-256+Base64 through my application.

       

      I tried using the seam security Base64 class:

       

      MessageDigest md = MessageDigest.getInstance("SHA-256");
       md.update("teste".getBytes());
       String shaValue = stringHexa(md.digest()); //here I get the correct SHA-256 value (46070d4bf934fb0d4b06d9e2c46e346944e322444900a435d7d9a95e6d7435f5).
       org.jboss.seam.security.util.Base64.encodeBytes(shaValue); //here I get the wrong value (
      NDYwNzBkNGJmOTM0ZmIwZDRiMDZkOWUyYzQ2ZTM0Njk0NGUzMjI0NDQ5MDBhNDM1ZDdkOWE5NWU2
      ZDc0MzVmNQ==) instead of (RgcNS/k0+w1LBtnixG40aUTjIkRJAKQ119mpXm10NfU=)
      

       

      My stringHexa method:

      private  String stringHexa(byte[] bytes) {
       StringBuilder s = new StringBuilder();
       for (int i = 0; i < bytes.length; i++) {
       int parteAlta = ((bytes[i] >> 4) & 0xf) << 4;
       int parteBaixa = bytes[i] & 0xf;
       if (parteAlta == 0) {
       s.append('0');
       }
       s.append(Integer.toHexString(parteAlta | parteBaixa));
       }
       return s.toString();
       }
      

       

      Does somebody know why I'm getting the incorrect Base64 value? Does JBoss AS come with its own libraries to deal with encoding and decoding?