You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by Sam <j2...@gmail.com> on 2013/10/25 22:19:17 UTC

Password Digest implementation in CXF??

Hi guys,

In the latest usernameToken profile 
http://docs.oasis-open.org/wss-m/wss/v1.1.1/os/wss-UsernameTokenProfile-v1.1.1-os.html, 
it specified
the password digest should be: Password_Digest = Base64 ( SHA-1 ( nonce 
+ created + password ) ) .

So my question is where in CXF is this implemented?
I want to generate this digest manually for soap request.

I checked CXF source code and the closest thing I found is 
DigestAuthSupplier.java, which doesn't seem to be doing password digest 
according to formula above.

Thanks,
Sam

Re: Password Digest implementation in CXF??

Posted by Daniel Kulp <dk...@apache.org>.

On Oct 25, 2013, at 4:19 PM, Sam <j2...@gmail.com> wrote:

> Hi guys,
> 
> In the latest usernameToken profile http://docs.oasis-open.org/wss-m/wss/v1.1.1/os/wss-UsernameTokenProfile-v1.1.1-os.html, it specified
> the password digest should be: Password_Digest = Base64 ( SHA-1 ( nonce + created + password ) ) .
> 
> So my question is where in CXF is this implemented?

This would be down in WSS4J:

http://svn.apache.org/repos/asf/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/token/UsernameToken.java


Dan



> I want to generate this digest manually for soap request.
> 
> I checked CXF source code and the closest thing I found is DigestAuthSupplier.java, which doesn't seem to be doing password digest according to formula above.
> 
> Thanks,
> Sam

-- 
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com