views:

79

answers:

1

Hi, I need to send to a server in POST an email (String) and a password (MD5 hash in byte[]).

Below how I get my MD5 hash where "password" is a String (what the user enter):

byte[] passMD5 = Crypto.encodeStringMD5(password);

And the function:

public static byte[] encodeStringMD5(String s) throws Exception {
    byte[] bytes = s.getBytes();
    MD5Digest digest = new MD5Digest();
    digest.update(bytes, 0, bytes.length);
    int length = digest.getDigestLength();
    byte[] md5 = new byte[length];
    digest.getDigest(md5, 0, true);
    return md5;
}

So "passMD5" should be an MD5 hash in bytes of my string value "password", right?

Then I need to send the information through HTTP POST to an URL and read the result (XML). See below the rest of the code:

readURL(urlTemplate, email, passMD5);

Where urlTemplate is a String like "http://www.domain.com/myfile.aspx?action=login&enc=1", email a String and password the MD5 hash in bytes.

The readURL below:

private void readURL(String url, String email, byte[] pass) throws IOException {
    HttpConnection conn = null;
    InputStream in = null;
    OutputStream os = null;
    byte dataBytes[];

    try {
        URLEncodedPostData data = new URLEncodedPostData(URLEncodedPostData.DEFAULT_CHARSET, false);
        data.append("email", email);
        data.append("pass", pass.toString());

        dataBytes = data.getBytes();

        conn = (HttpConnection) Connector.open(url, Connector.READ_WRITE);
        conn.setRequestMethod(HttpConnection.POST);
        conn.setRequestProperty("Content-Type", data.getContentType());
        conn.setRequestProperty("Content-Length", Integer.toString(dataBytes.length));

        os = conn.openOutputStream();
        os.write(dataBytes);
        os.flush();
        os.close();

        in = conn.openInputStream();
        verifyLogin(getLoginContent(in));
    } catch (IOException e) {

    } catch (IllegalArgumentException e) {

    } finally {
        ConnectionUtil.close(conn, in);
        ConnectionUtil.close(conn, os);
    }
}

So right now the MD hash of the password in transformed to a String in order to be added to the data.append() function that only takes String parameters... I think because of this, I don't send the good MD5 hash and it makes a problem.

On the server side in ASP.NET C#, I have this:

byte[] PasswordHash;

if (enc == 0) {
    MD5 MD5Hasher = MD5.Create();
    PasswordHash = MD5Hasher.ComputeHash(Encoding.Unicode.GetBytes(Password));
} else {
    PasswordHash = Encoding.Unicode.GetBytes(Password);
}

So when I ask this URL "http://www.domain.com/myfile.aspx?action=login&enc=0" and give the password AS IS (so a String, not a byte[] and not MD5 hash) and do

data.append("pass", password);

then it works.

I just have either a problem with creating my MD5 hash or with the HTTP POST or both... Please help me!

A: 

You can't just call "toString()" on a byte[] and expect to get a meaningful result. If you want to convert it to a hex representation of the bytes, you need a method to do that. I suggest going back to your previous question at http://stackoverflow.com/questions/3233287/blackberry-encode-md5-different-from-md5-in-c since you had a function there that did the converstion from byte[] to String.

Marc Novakowski
Yeah, I know. It was just a try. So I'm now using this: byte[] bytes = s.getBytes("UTF-16LE"); to convert in the correct format (the same as the C# one), and pass the byte[] to my function private static String convertToHex(byte[] data). Then send it to the server via POST. Happy news, I got the same as in my database! Here is what i get from the blackberry: 09c09e5b52580e477514fa.........., and from the database: 0x09C09E5B52580E477514FA.......... There is just the 0x in front of the one from my DB. Do you know why?
Dachmt
Anyway, the problem is on the server side. I have a String that is the MD5 hash encoded in UTF-16LE, and I want the same but in byte[]. So when I do PasswordHash = Encoding.Unicode.GetBytes(Password); it changes my result and so it doesn't work... I need to have a byte array with the value of my String. I'm a kinda lost here
Dachmt
Solution solved. After encoding the result in UTF-16LE and having the good result, I needed to transform my hex string in bytes only. I found a useful link with the function at http://www.nathanm.com/csharp-convert-hex-string-tofrom-byte-array-fast/comment-page-1/#comment-147669.So I did: PasswordHash = HexStringToByteArray(Password); and I finally succeeded what I wanted! Thanks
Dachmt