1 Reply Latest reply on Oct 11, 2013 11:01 AM by lychko

JBOSS-WS verify password Digest manually at the server

kenbarnes Jun 28, 2012 2:35 PM

I am using jboss 5.1.0.GA and jbossws-3.1.2.GA.

I am attempting to verify the password digest on the server side outside of the Jaas module like so

private void testSHA(String nonce, String created, String passwordDigest) {

Base64 encoder = new Base64();

String concat = nonce + created + "password";

try {

MessageDigest md = MessageDigest.getInstance("SHA1");

md.update(concat.getBytes());

byte[] arr = md.digest();

String fin = encoder.encodeBase64String(arr);

System.out.println("fin: "+fin);

System.out.println("dig: "+pd);

} catch (NoSuchAlgorithmException ex) {

Logger.getLogger(NtcssWsSecurityServer.class.getName()).log(Level.SEVERE, null, ex);

}

All values are pulled off the soap header and the "password" is shared.

If I use SOAP UI to submit the request, with nonce,created, and password digest I can never get the digest to match up. Also It looks like the nonce is Base64 encoded and Hashed at the server.

What Am I missing.

Thanks

1. Re: JBOSS-WS verify password Digest manually at the server

lychko Oct 11, 2013 11:01 AM (in response to kenbarnes)

Ken Barnes написал(а):

String concat = nonce + created + "password";

This should look like

	byte[] b1 = nonce != null ? Base64.decode(nonce) : new byte[0];
	byte[] b2 = created != null ? created.getBytes("UTF-8") : new byte[0];
	byte[] b3 = "password";
	byte[] b4 = new byte[b1.length + b2.length + b3.length];
	int offset = 0;
	System.arraycopy(b1, 0, b4, offset, b1.length);
	offset += b1.length;
	System.arraycopy(b2, 0, b4, offset, b2.length);
	offset += b2.length;
	System.arraycopy(b3, 0, b4, offset, b3.length);