Blackberry MD5 authentication with HTTP Post

Question

Hi, I need to send to a server in POST an email (String) and a password (MD5 hash in byte[]).

Below how I get my MD5 hash where "password" is a String (what the user enter):

byte[] passMD5 = Crypto.encodeStringMD5(password);

And the function:

public static byte[] encodeStringMD5(String s) throws Exception {
    byte[] bytes = s.getBytes();
    MD5Digest digest = new MD5Digest();
    digest.update(bytes, 0, bytes.length);
    int length = digest.getDigestLength();
    byte[] md5 = new byte[length];
    digest.getDigest(md5, 0, true);
    return md5;
}

So "passMD5" should be an MD5 hash in bytes of my string value "password", right?

Then I need to send the information through HTTP POST to an URL and read the result (XML). See below the rest of the code:

readURL(urlTemplate, email, passMD5);

Where urlTemplate is a String like "http://www.domain.com/myfile.aspx?action=login&enc=1", email a String and password the MD5 hash in bytes.

The readURL below:

private void readURL(String url, String email, byte[] pass) throws IOException {
    HttpConnection conn = null;
    InputStream in = null;
    OutputStream os = null;
    byte dataBytes[];

    try {
        URLEncodedPostData data = new URLEncodedPostData(URLEncodedPostData.DEFAULT_CHARSET, false);
        data.append("email", email);
        data.append("pass", pass.toString());

        dataBytes = data.getBytes();

        conn = (HttpConnection) Connector.open(url, Connector.READ_WRITE);
        conn.setRequestMethod(HttpConnection.POST);
        conn.setRequestProperty("Content-Type", data.getContentType());
        conn.setRequestProperty("Content-Length", Integer.toString(dataBytes.length));

        os = conn.openOutputStream();
        os.write(dataBytes);
        os.flush();
        os.close();

        in = conn.openInputStream();
        verifyLogin(getLoginContent(in));
    } catch (IOException e) {

    } catch (IllegalArgumentException e) {

    } finally {
        ConnectionUtil.close(conn, in);
        ConnectionUtil.close(conn, os);
    }
}

So right now the MD hash of the password in transformed to a String in order to be added to the data.append() function that only takes String parameters... I think because of this, I don't send the good MD5 hash and it makes a problem.

On the server side in ASP.NET C#, I have this:

byte[] PasswordHash;

if (enc == 0) {
    MD5 MD5Hasher = MD5.Create();
    PasswordHash = MD5Hasher.ComputeHash(Encoding.Unicode.GetBytes(Password));
} else {
    PasswordHash = Encoding.Unicode.GetBytes(Password);
}

So when I ask this URL "http://www.domain.com/myfile.aspx?action=login&enc=0" and give the password AS IS (so a String, not a byte[] and not MD5 hash) and do

data.append("pass", password);

then it works.

I just have either a problem with creating my MD5 hash or with the HTTP POST or both... Please help me!

Answer 1

You can't just call "toString()" on a byte[] and expect to get a meaningful result. If you want to convert it to a hex representation of the bytes, you need a method to do that. I suggest going back to your previous question at http://stackoverflow.com/questions/3233287/blackberry-encode-md5-different-from-md5-in-c since you had a function there that did the converstion from byte[] to String.