//# 0 errors, 65 messages
//#
/*
    //#WSSEUtilities.java:1:1: class: org.apache.roller.weblogger.util.WSSEUtilities
    //#WSSEUtilities.java:1:1: method: org.apache.roller.weblogger.util.WSSEUtilities.org.apache.roller.weblogger.util.WSSEUtilities__static_init
 * Copyright 2005, Dave Johnson
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 * http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.roller.weblogger.util;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;

import org.apache.commons.codec.binary.Base64;

/**
 * Utilities to support WSSE authentication.
 * @author Dave Johnson
 */
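public class WSSEUtilities {
    //#WSSEUtilities.java:31: method: void org.apache.roller.weblogger.util.WSSEUtilities.org.apache.roller.weblogger.util.WSSEUtilities()
    //#WSSEUtilities.java:31: end of method: void org.apache.roller.weblogger.util.WSSEUtilities.org.apache.roller.weblogger.util.WSSEUtilities()

    // NOTE: lines starting with "//#" are static-analysis annotations carried
    // over from the analyzed listing. Their file:line references point at the
    // unannotated WSSEUtilities.java, not at the lines of this listing.

    /** Number of random bytes used for each WSSE nonce (128 bits). */
    private static final int NONCE_LENGTH = 16;

    /**
     * Source of nonce bytes. A nonce only protects against replay if it is
     * unpredictable and never repeats, so it comes from a CSPRNG rather than
     * from the clock.
     */
    private static final SecureRandom NONCE_SOURCE = new SecureRandom();

    /**
     * Computes the WSSE {@code PasswordDigest} value:
     * {@code Base64(SHA-1(nonce + created + password))}.
     *
     * <p>SHA-1 is what the WSSE UsernameToken scheme specifies, so the
     * algorithm cannot be swapped here without breaking interoperability.
     * Because the password bytes themselves are hashed, the verifying side
     * needs the same password bytes to recompute the digest. A caller that
     * compares this value with a digest received from a peer should use a
     * constant-time comparison such as {@link MessageDigest#isEqual}.
     *
     * @param nonce    raw (not Base64-encoded) nonce bytes; must not be null
     * @param created  bytes of the creation timestamp string; must not be null
     * @param password bytes of the password; must not be null
     * @return the Base64-encoded digest, or {@code null} if the SHA-1
     *         algorithm is not available from any installed provider
     */
    public static synchronized String generateDigest(
            byte[] nonce, byte[] created, byte[] password) {
        String result = null;
    //#WSSEUtilities.java:34: method: String org.apache.roller.weblogger.util.WSSEUtilities.generateDigest(byte[], byte[], byte[])
    //#WSSEUtilities.java:34: Warning: unused assignment
    //#    unused assignment into result
    //#    severity: SUPPRESSED
    //#    class: org.apache.roller.weblogger.util.WSSEUtilities
    //#    method: String generateDigest(byte[], byte[], byte[])
    //#    Attribs:  Uncertain
    //#input(String generateDigest(byte[], byte[], byte[])): created
    //#input(String generateDigest(byte[], byte[], byte[])): nonce
    //#input(String generateDigest(byte[], byte[], byte[])): password
    //#output(String generateDigest(byte[], byte[], byte[])): new String(generateDigest#1) num objects
    //#output(String generateDigest(byte[], byte[], byte[])): return_value
    //#new obj(String generateDigest(byte[], byte[], byte[])): new String(generateDigest#1)
    //#presumption(String generateDigest(byte[], byte[], byte[])): java.security.MessageDigest:getInstance(...)@36 != null
    //#post(String generateDigest(byte[], byte[], byte[])): return_value == One-of{&new String(generateDigest#1), null}
    //#post(String generateDigest(byte[], byte[], byte[])): return_value in Addr_Set{null,&new String(generateDigest#1)}
    //#post(String generateDigest(byte[], byte[], byte[])): new String(generateDigest#1) num objects <= 1
    //#unanalyzed(String generateDigest(byte[], byte[], byte[])): Effects-of-calling:org.apache.commons.codec.binary.Base64:encodeBase64
    //#unanalyzed(String generateDigest(byte[], byte[], byte[])): Effects-of-calling:java.lang.String
        try {
            // "SHA" is the JCA alias for SHA-1.
            MessageDigest digester = MessageDigest.getInstance("SHA");
            digester.reset();
            // The update order is part of the protocol: nonce, created, password.
            digester.update(nonce);
            digester.update(created);
            digester.update(password);
            byte[] digest = digester.digest();
            result = new String(base64Encode(digest));
        }
        catch (NoSuchAlgorithmException e) {
            // Reported to the caller as null; callers must check for it before
            // putting the value into a header.
            result = null;
        }
        return result;
    //#WSSEUtilities.java:47: end of method: String org.apache.roller.weblogger.util.WSSEUtilities.generateDigest(byte[], byte[], byte[])
    }

    /**
     * Decodes a Base64 string into raw bytes.
     *
     * @param value Base64 text; must not be null
     * @return the decoded bytes
     * @throws IOException retained in the signature for existing callers; the
     *         body no longer performs a charset lookup by name
     */
    public static byte[] base64Decode(String value) throws IOException {
        return Base64.decodeBase64(value.getBytes(StandardCharsets.UTF_8));
    //#WSSEUtilities.java:50: method: byte[] org.apache.roller.weblogger.util.WSSEUtilities.base64Decode(String)
    //#WSSEUtilities.java:50: Warning: method not available
    //#    -- call on byte[] org.apache.commons.codec.binary.Base64:decodeBase64(byte[])
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.util.WSSEUtilities
    //#    method: byte[] base64Decode(String)
    //#    unanalyzed callee: byte[] org.apache.commons.codec.binary.Base64:decodeBase64(byte[])
    //#input(byte[] base64Decode(String)): value
    //#output(byte[] base64Decode(String)): return_value
    //#pre[1] (byte[] base64Decode(String)): value != null
    //#post(byte[] base64Decode(String)): init'ed(return_value)
    //#WSSEUtilities.java:50: end of method: byte[] org.apache.roller.weblogger.util.WSSEUtilities.base64Decode(String)
    }

    /**
     * Encodes raw bytes as a Base64 string.
     *
     * @param value bytes to encode
     * @return the Base64 text
     */
    public static String base64Encode(byte[] value) {
        // Base64 output is pure ASCII; decode it with an explicit charset so the
        // result does not depend on the platform default encoding.
        return new String(Base64.encodeBase64(value), StandardCharsets.US_ASCII);
    //#WSSEUtilities.java:53: method: String org.apache.roller.weblogger.util.WSSEUtilities.base64Encode(byte[])
    //#WSSEUtilities.java:53: Warning: method not available
    //#    -- call on byte[] org.apache.commons.codec.binary.Base64:encodeBase64(byte[])
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.util.WSSEUtilities
    //#    method: String base64Encode(byte[])
    //#    unanalyzed callee: byte[] org.apache.commons.codec.binary.Base64:encodeBase64(byte[])
    //#input(String base64Encode(byte[])): value
    //#output(String base64Encode(byte[])): new String(base64Encode#1) num objects
    //#output(String base64Encode(byte[])): return_value
    //#new obj(String base64Encode(byte[])): new String(base64Encode#1)
    //#post(String base64Encode(byte[])): return_value == &new String(base64Encode#1)
    //#post(String base64Encode(byte[])): new String(base64Encode#1) num objects == 1
    //#WSSEUtilities.java:53: end of method: String org.apache.roller.weblogger.util.WSSEUtilities.base64Encode(byte[])
    }

    /**
     * Builds the value of a WSSE {@code UsernameToken} header for the given
     * credentials, using a fresh random nonce and the current UTC time.
     *
     * <p>{@code userName} is copied into a quoted header parameter without
     * escaping. CR and LF are rejected because they would allow header
     * splitting; a double quote inside the name is not escaped and would
     * produce an ambiguous header, so callers should not pass one.
     *
     * @param userName user name to place in the header
     * @param password clear-text password used to compute the digest; must not
     *                 be null
     * @return the header value, in the form
     *         {@code UsernameToken Username="..", PasswordDigest="..",
     *         Nonce="..", Created=".."}
     * @throws UnsupportedEncodingException retained in the signature for
     *         existing callers; the body no longer looks up a charset by name
     * @throws IllegalArgumentException if {@code userName} contains CR or LF
     * @throws IllegalStateException if no SHA-1 implementation is available
     */
    public static String generateWSSEHeader(String userName, String password) 
    throws UnsupportedEncodingException {  
       
        // Guard against header injection through the user name.
        if (userName != null
                && (userName.indexOf('\r') >= 0 || userName.indexOf('\n') >= 0)) {
            throw new IllegalArgumentException(
                    "userName must not contain CR or LF characters");
        }

        // The nonce was previously the current time in milliseconds, which is
        // predictable and repeats for requests made in the same millisecond.
        byte[] nonceBytes = new byte[NONCE_LENGTH];
        NONCE_SOURCE.nextBytes(nonceBytes);
    //#WSSEUtilities.java:58: method: String org.apache.roller.weblogger.util.WSSEUtilities.generateWSSEHeader(String, String)
    //#input(String generateWSSEHeader(String, String)): """._tainted
    //#input(String generateWSSEHeader(String, String)): "", "._tainted
    //#input(String generateWSSEHeader(String, String)): "Created=""._tainted
    //#input(String generateWSSEHeader(String, String)): "Nonce=""._tainted
    //#input(String generateWSSEHeader(String, String)): "PasswordDigest=""._tainted
    //#input(String generateWSSEHeader(String, String)): "UsernameToken Username=""._tainted
    //#input(String generateWSSEHeader(String, String)): password
    //#input(String generateWSSEHeader(String, String)): userName
    //#input(String generateWSSEHeader(String, String)): userName._tainted
    //#output(String generateWSSEHeader(String, String)): java.lang.StringBuffer:toString(...)._tainted
    //#output(String generateWSSEHeader(String, String)): return_value
    //#new obj(String generateWSSEHeader(String, String)): java.lang.StringBuffer:toString(...)
    //#pre[1] (String generateWSSEHeader(String, String)): password != null
    //#presumption(String generateWSSEHeader(String, String)): java.text.SimpleDateFormat:format(...)@62 != null
    //#post(String generateWSSEHeader(String, String)): java.lang.StringBuffer:toString(...)._tainted == userName._tainted
    //#post(String generateWSSEHeader(String, String)): init'ed(java.lang.StringBuffer:toString(...)._tainted)
    //#post(String generateWSSEHeader(String, String)): return_value == &java.lang.StringBuffer:toString(...)
    //#unanalyzed(String generateWSSEHeader(String, String)): Effects-of-calling:org.apache.commons.codec.binary.Base64:encodeBase64
    //#unanalyzed(String generateWSSEHeader(String, String)): Effects-of-calling:java.lang.String
    //#unanalyzed(String generateWSSEHeader(String, String)): Effects-of-calling:java.security.MessageDigest:getInstance
    //#unanalyzed(String generateWSSEHeader(String, String)): Effects-of-calling:java.security.MessageDigest:reset
    //#unanalyzed(String generateWSSEHeader(String, String)): Effects-of-calling:java.security.MessageDigest:update
    //#unanalyzed(String generateWSSEHeader(String, String)): Effects-of-calling:java.security.MessageDigest:digest
    //#unanalyzed(String generateWSSEHeader(String, String)): Effects-of-calling:java.lang.Throwable:__curr_excep_obj
        String nonce = WSSEUtilities.base64Encode(nonceBytes);
        
        // The pattern ends in a literal 'Z', so the value must really be UTC;
        // without an explicit zone SimpleDateFormat formats local time. A fixed
        // locale keeps the digits and calendar independent of the host settings.
        SimpleDateFormat sdf =
                new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'", Locale.US);
        sdf.setTimeZone(TimeZone.getTimeZone("UTC"));
        String created = sdf.format(new Date());
        
        // The digest covers the raw nonce bytes; the header carries their
        // Base64 form.
        String digest = WSSEUtilities.generateDigest(
                nonceBytes,
                created.getBytes(StandardCharsets.UTF_8),
                password.getBytes(StandardCharsets.UTF_8));
        if (digest == null) {
            // Never emit PasswordDigest="null" as if it were a real digest.
            throw new IllegalStateException("SHA-1 MessageDigest is not available");
        }
        
        StringBuffer header = new StringBuffer("UsernameToken Username=\"");
        header.append(userName);
        header.append("\", ");
        header.append("PasswordDigest=\"");
        header.append(digest);
        header.append("\", ");
        header.append("Nonce=\"");
        header.append(nonce);
        header.append("\", ");
        header.append("Created=\"");
        header.append(created);
        header.append("\"");
        return header.toString();
    //#WSSEUtilities.java:79: end of method: String org.apache.roller.weblogger.util.WSSEUtilities.generateWSSEHeader(String, String)
    }
}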
    //#output(org.apache.roller.weblogger.util.WSSEUtilities__static_init): __Descendant_Table[org/apache/roller/weblogger/util/WSSEUtilities]
    //#post(org.apache.roller.weblogger.util.WSSEUtilities__static_init): __Descendant_Table[org/apache/roller/weblogger/util/WSSEUtilities] == &__Dispatch_Table
    //#WSSEUtilities.java:: end of method: org.apache.roller.weblogger.util.WSSEUtilities.org.apache.roller.weblogger.util.WSSEUtilities__static_init
    //#WSSEUtilities.java:: end of class: org.apache.roller.weblogger.util.WSSEUtilities
