https://bz.apache.org/bugzilla/show_bug.cgi?id=69852
--- Comment #2 from Grzegorz Grzybek <[email protected]> ---

But check
https://github.com/apache/tomcat/blob/1da17751e26e77d6382b20701fe450282750aa34/java/org/apache/catalina/realm/MessageDigestCredentialHandler.java#L111-L112
there's:

```
if (storedCredentials.startsWith("{MD5}") || storedCredentials.startsWith("{SHA}")) {
    // Server is storing digested passwords with a prefix indicating
    // the digest type
    String base64ServerDigest = storedCredentials.substring(5);
    byte[] userDigest = ConcurrentMessageDigest.digest(getAlgorithm(),
            inputCredentials.getBytes(StandardCharsets.ISO_8859_1));
    String base64UserDigest = Base64.getEncoder().encodeToString(userDigest);

    return DigestCredentialHandlerBase.equals(base64UserDigest, base64ServerDigest, false);
}
```

so instead of `MD5` or `SHA-1`, `getAlgorithm()` is passed to `ConcurrentMessageDigest.digest()`.
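The effect of the quoted branch, as an added stand-alone illustration (not part of the comment and not Tomcat's code): a `{SHA}`-prefixed stored credential only matches when the configured algorithm happens to agree with the prefix. The class and method names, the sample password and the `SHA-256` configured value are assumptions; `configured` stands in for `getAlgorithm()`, and the second method is a hypothetical prefix-driven variant shown only for comparison.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class PrefixedDigestDemo {

    // Base64(digest(password)) with the named JCA algorithm, ISO-8859-1 bytes
    // as in the quoted snippet.
    static String b64Digest(String algorithm, String password) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance(algorithm)
                .digest(password.getBytes(StandardCharsets.ISO_8859_1));
        return Base64.getEncoder().encodeToString(digest);
    }

    // Constant-time comparison of two Base64 strings.
    static boolean sameDigest(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.ISO_8859_1),
                b.getBytes(StandardCharsets.ISO_8859_1));
    }

    // Same shape as the quoted branch: the prefix selects the branch, but the
    // digest algorithm is the configured one (stand-in for getAlgorithm()).
    static boolean matchesWithConfigured(String configured, String input, String stored)
            throws NoSuchAlgorithmException {
        if (stored.startsWith("{MD5}") || stored.startsWith("{SHA}")) {
            return sameDigest(b64Digest(configured, input), stored.substring(5));
        }
        return false;
    }

    // Hypothetical variant: the algorithm is derived from the prefix itself.
    static boolean matchesWithPrefix(String input, String stored) throws NoSuchAlgorithmException {
        String algorithm;
        if (stored.startsWith("{MD5}")) {
            algorithm = "MD5";
        } else if (stored.startsWith("{SHA}")) {
            algorithm = "SHA-1";
        } else {
            return false;
        }
        return sameDigest(b64Digest(algorithm, input), stored.substring(5));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String password = "s3cret-demo";                        // constructed sample value
        String stored = "{SHA}" + b64Digest("SHA-1", password); // constructed stored credential
        System.out.println("configured SHA-1  : " + matchesWithConfigured("SHA-1", password, stored));
        System.out.println("configured SHA-256: " + matchesWithConfigured("SHA-256", password, stored));
        System.out.println("from prefix       : " + matchesWithPrefix(password, stored));
    }
}
```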
