1 Reply Latest reply on Oct 11, 2013 11:01 AM by lychko

    JBOSS-WS verify password Digest manually at the server

    kenbarnes

      I am using jboss 5.1.0.GA and jbossws-3.1.2.GA.

       

      I am attempting to verify the password digest on the server side outside of the Jaas module like so

       

      private void testSHA(String nonce, String created, String passwordDigest) {

              Base64 encoder = new Base64();

              String concat = nonce + created + "password";

              try {

                  MessageDigest md = MessageDigest.getInstance("SHA1");           

                  md.update(concat.getBytes());

                  byte[] arr = md.digest();

                  String fin = encoder.encodeBase64String(arr);

                  System.out.println("fin: "+fin);

                  System.out.println("dig: "+pd);

              } catch (NoSuchAlgorithmException ex) {

                  Logger.getLogger(NtcssWsSecurityServer.class.getName()).log(Level.SEVERE, null, ex);

              }

          }

      All values are pulled off the soap header and the "password" is shared.

      If I use SOAP UI to submit the request, with nonce,created, and password digest I can never get the digest to match up. Also It looks like the nonce is Base64 encoded and Hashed at the server.

      What Am I missing.

      Thanks

        • 1. Re: JBOSS-WS verify password Digest manually at the server
          lychko

          Ken Barnes написал(а):

           

                  String concat = nonce + created + "password";


           

          This should look like

              byte[] b1 = nonce != null ? Base64.decode(nonce) : new byte[0];
             byte[] b2 = created != null ? created.getBytes("UTF-8") : new byte[0];
             byte[] b3 = "password";
             byte[] b4 = new byte[b1.length + b2.length + b3.length];
             int offset = 0;
             System.arraycopy(b1, 0, b4, offset, b1.length);
             offset += b1.length;
             System.arraycopy(b2, 0, b4, offset, b2.length);
             offset += b2.length;
             System.arraycopy(b3, 0, b4, offset, b3.length);