authorJack Magne <jmagne@localhost.localdomain>2015-08-11 18:26:04 -0700
committerJack Magne <jmagne@localhost.localdomain>2015-08-13 15:06:51 -0700
commitf60846e025ff5492e8c05ccf525fe8df1b59bba6 (patch)
treee0535b61cdde9e64f4792072ed6f324988be3d50 /base/server/cms/src/com/netscape
parenta62ab357eb759ea59ea5204a046d0cab99126000 (diff)
setpin utility doesn't set the pin for users.
There were some things wrong with the setpin utility. 1. There were some syntax violations that had to be dealt with or a DS with syntax checking would not be pleased. 2. The back end is expecting a byte of hash data at the beginning of the pin. In our case we are sending NO hash so we want this code at the beginning '-' 3. We also need to prepend the dn in front of the pin so the back end can verify the set pin. Tested to work during both steps of the setpin process: 1) Creating the schema, 2) creating the pin. Tested to work with actual PinBased Enrollment. 4. Fix also now supports the SHA256 hashing method only, with the sha256 being the default hash. The no hash option is supported but puts the pin in the clear.
Diffstat (limited to 'base/server/cms/src/com/netscape')
-rw-r--r--base/server/cms/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java5
1 files changed, 5 insertions, 0 deletions
diff --git a/base/server/cms/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java b/base/server/cms/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java
index 82331dade..6caa9a1bf 100644
--- a/base/server/cms/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java
+++ b/base/server/cms/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java
@@ -75,6 +75,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
protected static final byte SENTINEL_SHA = 0;
protected static final byte SENTINEL_MD5 = 1;
+ protected static final byte SENTINEL_SHA256 = 2;
protected static final byte SENTINEL_NONE = 0x2d;
/* Holds configuration parameters accepted by this implementation.
@@ -132,6 +133,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
protected String mPinAttr = DEF_PIN_ATTR;
protected MessageDigest mSHADigest = null;
protected MessageDigest mMD5Digest = null;
+ protected MessageDigest mSHA256Digest = null;
private ILdapConnFactory removePinLdapFactory = null;
private LDAPConnection removePinLdapConnection = null;
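Review bot: `mSHA256Digest` is a single MessageDigest object kept in an instance field, and MessageDigest is not thread-safe. If this authentication manager instance serves concurrent requests (not visible in this hunk), overlapping `digest(...)` calls on the same object can interleave and yield a wrong digest, which would surface as intermittent pin verification failures. Either guard each use with `synchronized (mSHA256Digest) { ... }` or obtain a fresh instance per verification with `MessageDigest.getInstance(...)`. The existing `mSHADigest` and `mMD5Digest` fields follow the same pattern, so the same applies to them.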
@@ -165,6 +167,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
try {
mSHADigest = MessageDigest.getInstance("SHA1");
mMD5Digest = MessageDigest.getInstance("MD5");
+ mSHA256Digest = MessageDigest.getInstance("SHA256");
} catch (NoSuchAlgorithmException e) {
throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.getMessage()));
}
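Review bot: `MessageDigest.getInstance("SHA256")` does not use the standard JCA algorithm name, which is `SHA-256`; whether `SHA256` resolves depends on an alias registered by whichever security provider is installed. Because the new call shares the try block with the SHA1 and MD5 lookups, a provider without that alias would raise NoSuchAlgorithmException and the catch would turn it into an EAuthException, so the plugin would apparently fail to initialise for every hash type. I would write `mSHA256Digest = MessageDigest.getInstance("SHA-256");`. The enclosing method starts and ends outside the hunk.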
@@ -336,6 +339,8 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
pinDigest = mSHADigest.digest(toBeDigested.getBytes());
} else if (hashtype == SENTINEL_MD5) {
pinDigest = mMD5Digest.digest(toBeDigested.getBytes());
+ } else if (hashtype == SENTINEL_SHA256) {
+ pinDigest = mSHA256Digest.digest(toBeDigested.getBytes());
} else if (hashtype == SENTINEL_NONE) {
pinDigest = toBeDigested.getBytes();
} else {
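Review bot: The new SHA-256 branch calls `toBeDigested.getBytes()` without a charset, so the bytes that get hashed depend on the JVM's default encoding; the neighbouring branches do the same. The commit description says the DN is now prepended to the pin, and a DN can contain non-ASCII characters, so a server and a setpin tool running under different default encodings would compute different digests for the same pin. I would fix the encoding on both sides, for example `pinDigest = mSHA256Digest.digest(toBeDigested.getBytes(StandardCharsets.UTF_8));`, after confirming which encoding setpin uses when it writes the value. The comparison of `pinDigest` with the stored pin is outside the hunk; if it is not already constant-time, `MessageDigest.isEqual` is the usual choice.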