WIP: IPB and openfire

So If someone has already done this just point me to that thread and ignore this but if not please keep reading.

EDIT: What would also be a huge help would be fore someone to just point me the java file that handles auth a user and logging them in.

I know enough java to get by and lately me and another friend are trying to code openfire so that it when a user logs in it will read from the ipd coded passwords.

Now I know that IPB stores the passwords as such. MD5 the password and MD5 a randomly generated phrase and then combine those two and MD5 them. So it looks like this:

Combine these two and md5 them

MD5 for phrase: bd9f6b91342e80ace719f732a3137c4f

MD5 for user password: 68304f082726df409f94b75917def397

Solution: MD5 for IPB Password: 732a43a75e7599aacd8e2a59e942d900

Pretty neat way to do it I guess but I’m trying to do the same for openfire. Basically I was going to add a table at the end of the openfire ofUser called phrase and when a user tries to login it will md5 the password he typed in and md5 the phrase and combine them and md5 that and compare that with whats stored in the DB. My problem is I can’t find the java file that openfire uses for logining in. I saw that openfire does paintext and I thought maybe I’ll just change that column to store md5 hash and compare but I dont know where the method is that does that compare for plaintext auth.

If anyone can help me out that would be a great pleasure!

This was the code I used for making those hashes above:

try {

MessageDigest md5 = MessageDigest.getInstance(“MD5”);

byte[] digest = md5.digest(s.getBytes());

result = toHex(digest);

}

catch (NoSuchAlgorithmException e) {

// useless

}

and

StringBuilder sb = new StringBuilder(a.length * 2);

for (int i = 0; i < a.length; i++) {

sb.append(Character.forDigit((a[i] & 0xf0) >> 4, 16));

sb.append(Character.forDigit(a[i] & 0x0f, 16));

}

return sb.toString();