Posted to commits@abdera.apache.org by jm...@apache.org on 2007/04/18 22:49:03 UTC
svn commit: r530151 - in
/incubator/abdera/java/trunk/extensions/src/main/java/org/apache/abdera/ext/wsse:
./ WSSEAuthScheme.java
Author: jmsnell
Date: Wed Apr 18 13:49:02 2007
New Revision: 530151
URL: http://svn.apache.org/viewvc?view=rev&rev=530151
Log:
WSSE auth implementation
Added:
incubator/abdera/java/trunk/extensions/src/main/java/org/apache/abdera/ext/wsse/
incubator/abdera/java/trunk/extensions/src/main/java/org/apache/abdera/ext/wsse/WSSEAuthScheme.java
Added: incubator/abdera/java/trunk/extensions/src/main/java/org/apache/abdera/ext/wsse/WSSEAuthScheme.java
URL: http://svn.apache.org/viewvc/incubator/abdera/java/trunk/extensions/src/main/java/org/apache/abdera/ext/wsse/WSSEAuthScheme.java?view=auto&rev=530151
==============================================================================
--- incubator/abdera/java/trunk/extensions/src/main/java/org/apache/abdera/ext/wsse/WSSEAuthScheme.java (added)
+++ incubator/abdera/java/trunk/extensions/src/main/java/org/apache/abdera/ext/wsse/WSSEAuthScheme.java Wed Apr 18 13:49:02 2007
@@ -0,0 +1,120 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements. The ASF licenses this file to You
+* under the Apache License, Version 2.0 (the "License"); you may not
+* use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License. For additional information regarding
+* copyright in this work, please see the NOTICE file in the top level
+* directory of this distribution.
+*/
+package org.apache.abdera.ext.wsse;
+
+import java.security.MessageDigest;
+import java.security.SecureRandom;
+import java.util.Date;
+
+import org.apache.abdera.model.AtomDate;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.codec.binary.Hex;
+import org.apache.commons.httpclient.Credentials;
+import org.apache.commons.httpclient.HttpMethod;
+import org.apache.commons.httpclient.UsernamePasswordCredentials;
+import org.apache.commons.httpclient.auth.AuthScheme;
+import org.apache.commons.httpclient.auth.AuthenticationException;
+import org.apache.commons.httpclient.auth.RFC2617Scheme;
+
+/**
+ * WSSE Auth Scheme implementation for use with HTTP Commons Client
+ * Some APP implementations use WSSE for authentication
+ *
+ * @see http://www.xml.com/pub/a/2003/12/17/dive.html
+ */
+public class WSSEAuthScheme
+ extends RFC2617Scheme
+ implements AuthScheme {
+
+ private final int NONCE_LENGTH = 16;
+
+ @Override
+ public String authenticate(
+ Credentials credentials,
+ HttpMethod method)
+ throws AuthenticationException {
+ if (credentials instanceof UsernamePasswordCredentials) {
+ UsernamePasswordCredentials creds = (UsernamePasswordCredentials) credentials;
+ AtomDate now = new AtomDate(new Date());
+ String nonce = generateNonce();
+ String digest = generatePasswordDigest(creds.getPassword(), nonce, now);
+ String username = creds.getUserName();
+
+ String wsse = "UsernameToken Username=\"" + username + "\", " +
+ "PasswordDigest=\"" + digest + "\", " +
+ "Nonce=\"" + nonce + "\", " +
+ "Created=\"" + now.getValue() + "\"";
+ method.addRequestHeader("X-WSSE", wsse);
+ return "WSSE profile=\"UsernameToken\"";
+ } else {
+ return null;
+ }
+ }
+
+ private String generatePasswordDigest(
+ String password,
+ String nonce,
+ AtomDate date)
+ throws AuthenticationException {
+ String temp = nonce + date.getValue() + password;
+ try {
+ MessageDigest md = MessageDigest.getInstance("SHA1");
+ return new String(Base64.encodeBase64(md.digest(temp.getBytes())));
+ } catch (Exception e) {
+ throw new AuthenticationException(e.getMessage(), e);
+ }
+ }
+
+ private String generateNonce()
+ throws AuthenticationException {
+ try {
+ SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
+ byte[] temp = new byte[NONCE_LENGTH];
+ sr.nextBytes(temp);
+ String n = new String(Hex.encodeHex(temp));
+ return n;
+ } catch (Exception e) {
+ throw new AuthenticationException(e.getMessage(),e);
+ }
+ }
+
+ @Override
+ public String authenticate(
+ Credentials credentials,
+ String method,
+ String uri)
+ throws AuthenticationException {
+ return authenticate(credentials, null);
+ }
+
+ @Override
+ public String getSchemeName() {
+ return "WSSE";
+ }
+
+ @Override
+ public boolean isComplete() {
+ return true;
+ }
+
+ @Override
+ public boolean isConnectionBased() {
+ return false;
+ }
+
+}
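Review bot: `temp.getBytes()` in generatePasswordDigest encodes the nonce, timestamp and password with the JVM's platform default charset, so the digest for a password containing non-ASCII characters depends on where the client runs and may not match what the server computes. Naming the encoding removes that dependency: `return new String(Base64.encodeBase64(md.digest(temp.getBytes("UTF-8"))));`. This assumes the server hashes UTF-8 bytes, which should be confirmed against the target implementations. Separately, `username` is concatenated into the X-WSSE value between double quotes without escaping, so a name containing `"` or a line break would produce a malformed header; rejecting or escaping those characters before building `wsse` would be worth adding.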
Re: svn commit: r530151 - in /incubator/abdera/java/trunk/extensions/src/main/java/org/apache/abdera/ext/wsse:
./ WSSEAuthScheme.java
Posted by James M Snell <ja...@gmail.com>.
Yes, but I've never actually seen this method called by anything.
Either way, however, I added a null check.
- James
Garrett Rooney wrote:
> On 4/18/07, jmsnell@apache.org <jm...@apache.org> wrote:
>
>> + @Override
>> + public String authenticate(
>> + Credentials credentials,
>> + String method,
>> + String uri)
>> + throws AuthenticationException {
>> + return authenticate(credentials, null);
>> + }
>
> Isn't this going to give a null pointer exception at the end of the
> other authenticate exception? When it calls
> method.addRequestHeader()?
>
> -garrett
>
Re: svn commit: r530151 - in /incubator/abdera/java/trunk/extensions/src/main/java/org/apache/abdera/ext/wsse: ./ WSSEAuthScheme.java
Posted by Garrett Rooney <ro...@electricjellyfish.net>.
On 4/18/07, jmsnell@apache.org <jm...@apache.org> wrote:
> + @Override
> + public String authenticate(
> + Credentials credentials,
> + String method,
> + String uri)
> + throws AuthenticationException {
> + return authenticate(credentials, null);
> + }
Isn't this going to give a null pointer exception at the end of the
other authenticate method, when it calls
method.addRequestHeader()?
-garrett