How to prepare digest passwords for Tomcat JDBCRealm?

Question

In example here http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#JDBCRealm the type of user_pass column is varchar(15), while java.security.MessageDigest class takes and returns byte[]. Which conversion one should apply to password 'abcd' (for example) to convert it into MD5 digest, expected by Tomcat?

PS.

I have tried the following and it works (coincides with digest.bat result). The only question is the length now: the digest is longer, than 15 characters. Can I just change the table?

public class DigestRunner {

    /**
     * @param args
     * @throws NoSuchAlgorithmException 
     */
    public static void main(String[] args) throws NoSuchAlgorithmException {
        String password = "abcd";
        MessageDigest dig = MessageDigest.getInstance("MD5");

        System.out.println(toString(dig.digest(password.getBytes())));

    }


    public static String toString(byte[] ba)
    {
        StringBuilder hex = new StringBuilder(ba.length * 2);

        for(byte b : ba)
            hex.append(String.format("%02x", b));

        return hex.toString();
    }

}

Answer 1

varchar(15) is definitely too short for digest password but it's usually enough for plaintext passwords. Just increase the size.

I have used the following code for creating digest passwords:

final MessageDigest messageDigest = java.security.MessageDigest.
        getInstance("SHA-256");
final byte bin[] = messageDigest.digest(("admin").getBytes());
System.out.println(Base64.encodeBase64String(bin));

(Base64 from Apache Commons Codec)

Furthermore, there is a digest.bat/digest.sh in Tomcat, check it on the page that you linked.