[JDEV] 0k authentication + java

Chris Chen ckchris at idream.net
Mon Nov 5 16:49:27 CST 2001 

Yes, I finally got it figured out.. Apparently, the hashed string needs to 
be all lowercase.

Your reference message is the one I posted.. Since then, I have gotten Java 
0k auth to work... You can check out the source code at:

http://www.echomine.org/projects/muse/


I recently just released a new version of the API that includes support for 
most of the jabber message types (minus about a 3 or 4 message types not 
implemented yet).

Take a look at the class AuthIQMessage and you'll see how the 0k is done.

Thanks,
Chris

At 02:19 PM 11/5/2001, you wrote:
>i've been looking through the archives for the answer to my problems with
>sha authentication and hashing using java but can't find it.  i saw a few
>posts regarding this topic so i would like to know if anyone has found the
>answers.
>
>i'm trying to do java and 0k authentication.  i have tried to follow the
>specs but i'm not entirely sure i'm doing it the right way.  here are my
>questions:
>
>     1. the token the server sends me...it looks like a hex sequence.  should
>i hash the string or convert the sequence into a byte sequence then hash
>that?
>     2. the simple authentication says something like: take the id and concat
>it to the password, then hash.  for the 0k authentication it says use
>"passwordHash+token"  so, is this the correct sequence to contact the
>strings? and
>     3. should i convert the password hash into a string representation of a
>byte sequence, concat that to the token and hash that string? or should i
>hash the passwordHash byte sequence plus the token sequence.
>     4. and should each subsequent hash be converted to string rep then
>rehashed or just hash on the bytes returned from the previous hash?
>
>i've tried all the possible combinations i've listed above, none of them
>have worked, so i'm obviously doing something extremely wrong: so my next
>question is for those familiar with the java messagedigest obj:
>     * could you tell me if updating the message digest adds the byte
>sequence to the end of the previous digest or do i need to use
>System.arraycopy to create a new password+hash sequence, update the message
>digest with that and rehash?
>
>
>i looked at the message with the c snippet for hashing but i couldn't
>translate it to java because i'm not sure what the sha_hash function params
>are.
>*any* help is appreciated
>
>here are some references:
>     Previous Java 0K question -
>http://mailman.jabber.org/pipermail/jdev/2001-August/007970.html
>     Simple Client Auth -
>http://docs.jabber.org/proto/html/jabber:iq:auth.html
>     0k Auth Draft - http://docs.jabber.org/draft-proto/html/zerok.html
>
>thanks!
>
>/r
>
>
>
>_______________________________________________
>jdev mailing list
>jdev at jabber.org
>http://mailman.jabber.org/listinfo/jdev

PGP at ldap://certserver.pgp.com/

More information about the JDev mailing list