?

Log in

No account? Create an account
MD5 Java Library? - LiveJournal Client Discussions [entries|archive|friends|userinfo]
LiveJournal Client Discussions

[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

MD5 Java Library? [Aug. 4th, 2003|07:21 pm]
LiveJournal Client Discussions

lj_clients

[morallybass]
[music |Blueprint - Paradise]

Does anyone know where I can find a library for generating an MD5 hash for use with the livejournal xml-rpc?
linkReply

Comments:
[User Picture]From: herbie
2003-08-04 07:30 pm (UTC)
I love your icon... Roast Beef
(Reply) (Thread)
[User Picture]From: morallybass
2003-08-04 07:40 pm (UTC)
haha. yes, he is the man.

Any idea on the hash library? It's one of the features I wanted to stick in the lj find/replace tool I'm finishing up...
(Reply) (Parent) (Thread)
From: karma_chonyi
2003-08-04 08:20 pm (UTC)
If you are doing this in Java, there is the standard java.security.MessageDigest object, which would be used as follows =>

You need to get the password into a byte[], represented as the variable password, below.

byte[] password;
MessageDigest md = MessageDigest.getInstance("MD5");
md.update(password);
byte[] passwordHash = md.digest();

Then you just use the byte[] passwordHash as the password from there on out.

I have yet to try this myself, but I will probably be doing so in the next few weeks, so if it works out for you (or not), tell me
(Reply) (Thread)
(Deleted comment)
From: karma_chonyi
2003-08-04 08:32 pm (UTC)
Based on the API it says only that the return is a byte[]. I was curious myself how this would work in the context of passing this through to the server, as it may not be XML-RPC friendly. I do not know if an MD5 hash is, by it's nature, Base64 or not, so as to not cause difficulties.

I plan to play a bit tonight, so perhaps I will find out sooner rather than later.
(Reply) (Parent) (Thread)
[User Picture]From: morallybass
2003-08-04 08:39 pm (UTC)
If you look at the Apache xmlrpc types spec, it should convert fine within the base64 tag. We shall see if it all connects together properly.
(Reply) (Parent) (Thread)
[User Picture]From: kumokasumi
2003-08-04 08:49 pm (UTC)
Ah, this I can answer, I think.

The XML-RPC interface wants an XML-RPC string (not a base64 block or an array or anything else) of hexadecimal characters [0-9, a-f].

Here's where I'm hazy about the Java bit. You have to convert the value in the byte[] array to a hexidecimal string representation. Python offers a hexdigest() method in the md5 module, which is why I posted the nonsense I posted earlier. I don't know what Java offers.
(Reply) (Parent) (Thread)
[User Picture]From: morallybass
2003-08-04 08:59 pm (UTC)
I think you're on the right track. I'm generating my byte[] hash no problem, but both methods of including it in the rpc call cause problems.

If I send the byte[] as is (ie: encoded via base64 tag) it claims the password is incorrect.

If I convert the byte[] to a string directly, it sends back an RPC fault.

You're saying I need to create a String of hexadecimal didgits?
(Reply) (Parent) (Thread)
From: karma_chonyi
2003-08-04 09:17 pm (UTC)
A fairly easy way to turn any byte into it's hex representation, if this is necessary, might be to use Integer.toHexString((int) byteValue); The return value of this call being a string. The entire array could be processed like this, and thrown together in a StringBuffer.

Probably won't get to messing with this tonight. I have the jLiveJournal client code, looked through it briefly, and it seems to use the plaintext password rather than the MD5 hash option.
(Reply) (Parent) (Thread)
(Deleted comment)
From: karma_chonyi
2003-08-06 01:25 pm (UTC)

Re: Plans

Very nice solution. Much cleaner than the approach used in jLiveJournal (posted below). Thanks a lot for posting this.
(Reply) (Parent) (Thread)
[User Picture]From: morallybass
2003-08-04 08:36 pm (UTC)
Thanks for the suggestion, I'm playing with it now and it looks to work. I just need to plug it into some live RPC calls. I had seen that in the Java API but didn't realize it was already populated with algorithms; I assumed that I would need a 3rd party implementation that conformed to the MessageDigest interface. And it was hiding there the whole time...

Thanks!
(Reply) (Parent) (Thread)
From: karma_chonyi
2003-08-04 08:43 pm (UTC)
Most excellent. If you get it working, and it isn't a horribly large piece of code, if you could post it here that would be most excellent.

Always happy to help, and the Java API is littered with little diamonds of code to make life easier.
(Reply) (Parent) (Thread)
[User Picture]From: morallybass
2003-08-04 09:17 pm (UTC)
I'm blocked on the encoding problem kumokasumi alluded to. Given my hash as a byte[], I can either send that (which then gets encoded via base64 tags, internally through the apache xmlrpc library) or I tried just converting the byte[] to a String. When I use the first method, I get "Invalid password", when I use the second I get an RPC fault.

The code is part of a global find/replace tool I'm putting together. It's command line driven at the moment, GUI applet in the works...
(Reply) (Parent) (Thread)
From: karma_chonyi
2003-08-04 09:27 pm (UTC)
I think I found what you need.. it was in the jLiveJournal source.. a new tree I believe. It is a GPL project at www.sf.net/projects/jlivejournal, just so you know.

code =>

private static String getHash(String msg) {
byte buf[] = msg.getBytes();
StringBuffer hexString = new StringBuffer();
try {
MessageDigest algorithm = MessageDigest.getInstance("MD5");
algorithm.reset();
algorithm.update(buf);
byte[] digest = algorithm.digest();
for (int i = 0; i < digest.length; i++) {
hexString.append(pad(Integer.toHexString(0xFF & digest[i]), 2));
}
catch (Exception e) {
e.printStackTrace();
}
return hexString.toString();
}

"msg" in the case, would be, of course, the password.

Formatting is bad, but that is my fault.. looks like it was done w/ a windoze editor or some IDE, so my vim added a bunch of nasty tabs I had to pull out. Sorry
(Reply) (Parent) (Thread)
[User Picture]From: morallybass
2003-08-04 09:30 pm (UTC)
You're my hero. I was 90% there with your previous comment, but that looks like the trick right there. Thanks for the insight on the encoding.
(Reply) (Parent) (Thread)
From: karma_chonyi
2003-08-04 09:33 pm (UTC)
Sorry, there is also a pad() method referred to in that snipped, which I didn't include in my previous post.. here it is =>

private static String pad(String i, int l) {
while (i.length() < l) {
i = '0' + i;
}
return i;
}

Formatting sucks again.. I need to get my vim to automatically replace those nasty tabs with spaces like they should have been in the first place.
(Reply) (Parent) (Thread)
[User Picture]From: morallybass
2003-08-04 09:41 pm (UTC)
That did the trick, it's all flying now.

I'll let you know when the GUI is done if you want to play with the tool. The command line version is up on that link I dropped earlier.
(Reply) (Parent) (Thread)
[User Picture]From: alekro
2004-03-09 12:40 pm (UTC)
Thank you for this great code (I mean getHash etc.)!
(Reply) (Parent) (Thread)
[User Picture]From: isapioff
2005-05-06 08:48 am (UTC)
I want to thank you for this piece of code. It's really helpfull for me, I'm goint to use it in my offline client.
(Reply) (Parent) (Thread)
From: valentit_love9
2004-03-09 07:42 am (UTC)

I read this.

I have found this post very interesting.
Stories on http://stories.dmozx.org
http://stories.dmozx.org
(Reply) (Thread)
[User Picture]From: zloba
2005-05-10 09:17 am (UTC)
www.livejournal.com/update.bml
check source for MD5.JS, it works just fine.
(Reply) (Thread)