File Source: WSSEUtilities.java
/*
P/P * Method: org.apache.roller.weblogger.util.WSSEUtilities__static_init
*/
1 /*
2 * Copyright 2005, Dave Johnson
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.apache.roller.weblogger.util;
17
18 import java.io.IOException;
19 import java.io.UnsupportedEncodingException;
20 import java.security.MessageDigest;
21 import java.security.NoSuchAlgorithmException;
22 import java.text.SimpleDateFormat;
23 import java.util.Date;
24
25 import org.apache.commons.codec.binary.Base64;
26
27 /**
28 * Utilties to support WSSE authentication.
29 * @author Dave Johnson
30 */
/*
P/P * Method: void org.apache.roller.weblogger.util.WSSEUtilities()
*/
31 public class WSSEUtilities {
32 public static synchronized String generateDigest(
33 byte[] nonce, byte[] created, byte[] password) {
/*
P/P * Method: String generateDigest(byte[], byte[], byte[])
*
* Presumptions:
* java.security.MessageDigest:getInstance(...)@36 != null
*
* Postconditions:
* return_value == One-of{&new String(generateDigest#1), null}
* return_value in Addr_Set{null,&new String(generateDigest#1)}
* new String(generateDigest#1) num objects <= 1
*/
34 String result = null;
35 try {
36 MessageDigest digester = MessageDigest.getInstance("SHA");
37 digester.reset();
38 digester.update(nonce);
39 digester.update(created);
40 digester.update(password);
41 byte[] digest = digester.digest();
42 result = new String(base64Encode(digest));
43 }
44 catch (NoSuchAlgorithmException e) {
45 result = null;
46 }
47 return result;
48 }
49 public static byte[] base64Decode(String value) throws IOException {
/*
P/P * Method: byte[] base64Decode(String)
*
* Preconditions:
* value != null
*
* Postconditions:
* init'ed(return_value)
*/
50 return Base64.decodeBase64(value.getBytes("UTF-8"));
51 }
52 public static String base64Encode(byte[] value) {
/*
P/P * Method: String base64Encode(byte[])
*
* Postconditions:
* return_value == &new String(base64Encode#1)
* new String(base64Encode#1) num objects == 1
*/
53 return new String(Base64.encodeBase64(value));
54 }
55 public static String generateWSSEHeader(String userName, String password)
56 throws UnsupportedEncodingException {
57
/*
P/P * Method: String generateWSSEHeader(String, String)
*
* Preconditions:
* password != null
*
* Presumptions:
* java.text.SimpleDateFormat:format(...)@62 != null
*
* Postconditions:
* java.lang.StringBuffer:toString(...)._tainted == userName._tainted
* init'ed(java.lang.StringBuffer:toString(...)._tainted)
* return_value == &java.lang.StringBuffer:toString(...)
*/
58 byte[] nonceBytes = Long.toString(new Date().getTime()).getBytes();
59 String nonce = new String(WSSEUtilities.base64Encode(nonceBytes));
60
61 SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
62 String created = sdf.format(new Date());
63
64 String digest = WSSEUtilities.generateDigest(
65 nonceBytes, created.getBytes("UTF-8"), password.getBytes("UTF-8"));
66
67 StringBuffer header = new StringBuffer("UsernameToken Username=\"");
68 header.append(userName);
69 header.append("\", ");
70 header.append("PasswordDigest=\"");
71 header.append(digest);
72 header.append("\", ");
73 header.append("Nonce=\"");
74 header.append(nonce);
75 header.append("\", ");
76 header.append("Created=\"");
77 header.append(created);
78 header.append("\"");
79 return header.toString();
80 }
81 }
SofCheck Inspector Build Version : 2.18479
| WSSEUtilities.java |
2009-Jan-02 14:25:22 |
| WSSEUtilities.class |
2009-Sep-04 03:12:32 |