You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@abdera.apache.org by jm...@apache.org on 2007/04/18 22:49:03 UTC

svn commit: r530151 - in /incubator/abdera/java/trunk/extensions/src/main/java/org/apache/abdera/ext/wsse: ./ WSSEAuthScheme.java

Author: jmsnell
Date: Wed Apr 18 13:49:02 2007
New Revision: 530151

URL: http://svn.apache.org/viewvc?view=rev&rev=530151
Log:
WSSE auth implementation

Added:
    incubator/abdera/java/trunk/extensions/src/main/java/org/apache/abdera/ext/wsse/
    incubator/abdera/java/trunk/extensions/src/main/java/org/apache/abdera/ext/wsse/WSSEAuthScheme.java

Added: incubator/abdera/java/trunk/extensions/src/main/java/org/apache/abdera/ext/wsse/WSSEAuthScheme.java
URL: http://svn.apache.org/viewvc/incubator/abdera/java/trunk/extensions/src/main/java/org/apache/abdera/ext/wsse/WSSEAuthScheme.java?view=auto&rev=530151
==============================================================================
--- incubator/abdera/java/trunk/extensions/src/main/java/org/apache/abdera/ext/wsse/WSSEAuthScheme.java (added)
+++ incubator/abdera/java/trunk/extensions/src/main/java/org/apache/abdera/ext/wsse/WSSEAuthScheme.java Wed Apr 18 13:49:02 2007
@@ -0,0 +1,120 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements.  The ASF licenses this file to You
+* under the Apache License, Version 2.0 (the "License"); you may not
+* use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.  For additional information regarding
+* copyright in this work, please see the NOTICE file in the top level
+* directory of this distribution.
+*/
+package org.apache.abdera.ext.wsse;
+
+import java.security.MessageDigest;
+import java.security.SecureRandom;
+import java.util.Date;
+
+import org.apache.abdera.model.AtomDate;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.codec.binary.Hex;
+import org.apache.commons.httpclient.Credentials;
+import org.apache.commons.httpclient.HttpMethod;
+import org.apache.commons.httpclient.UsernamePasswordCredentials;
+import org.apache.commons.httpclient.auth.AuthScheme;
+import org.apache.commons.httpclient.auth.AuthenticationException;
+import org.apache.commons.httpclient.auth.RFC2617Scheme;
+
+/**
+ * WSSE Auth Scheme implementation for use with HTTP Commons Client
+ * Some APP implementations use WSSE for authentication
+ * 
+ * @see http://www.xml.com/pub/a/2003/12/17/dive.html
+ */
+public class WSSEAuthScheme
+  extends RFC2617Scheme
+  implements AuthScheme {
+
+  private final int NONCE_LENGTH = 16;
+  
+  @Override
+  public String authenticate(
+    Credentials credentials, 
+    HttpMethod method) 
+      throws AuthenticationException {
+    if (credentials instanceof UsernamePasswordCredentials) {
+      UsernamePasswordCredentials creds = (UsernamePasswordCredentials) credentials;
+      AtomDate now = new AtomDate(new Date());
+      String nonce = generateNonce();
+      String digest = generatePasswordDigest(creds.getPassword(), nonce, now);
+      String username = creds.getUserName();
+      
+      String wsse = "UsernameToken Username=\"" + username + "\", " +
+                    "PasswordDigest=\"" + digest + "\", " +
+                    "Nonce=\"" + nonce + "\", " +
+                    "Created=\"" + now.getValue() + "\"";
+      method.addRequestHeader("X-WSSE", wsse);
+      return "WSSE profile=\"UsernameToken\"";
+    } else {
+      return null;
+    }
+  }
+  
+  private String generatePasswordDigest(
+    String password, 
+    String nonce, 
+    AtomDate date) 
+      throws AuthenticationException {
+    String temp = nonce + date.getValue() + password;
+    try {
+      MessageDigest md = MessageDigest.getInstance("SHA1");
+      return new String(Base64.encodeBase64(md.digest(temp.getBytes())));
+    } catch (Exception e) {
+      throw new AuthenticationException(e.getMessage(), e);
+    }
+  }
+  
+  private String generateNonce()
+    throws AuthenticationException {
+      try {
+        SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
+        byte[] temp = new byte[NONCE_LENGTH];
+        sr.nextBytes(temp);
+        String n = new String(Hex.encodeHex(temp));
+        return n;
+      } catch (Exception e) {
+        throw new AuthenticationException(e.getMessage(),e);
+      }
+  }
+
+  @Override
+  public String authenticate(
+    Credentials credentials, 
+    String method, 
+    String uri) 
+      throws AuthenticationException {
+    return authenticate(credentials, null);
+  }
+
+  @Override
+  public String getSchemeName() {
+    return "WSSE";
+  }
+
+  @Override
+  public boolean isComplete() {
+    return true;
+  }
+
+  @Override
+  public boolean isConnectionBased() {
+    return false;
+  } 
+
+}

Re: svn commit: r530151 - in /incubator/abdera/java/trunk/extensions/src/main/java/org/apache/abdera/ext/wsse: ./ WSSEAuthScheme.java

Posted by James M Snell <ja...@gmail.com>.

Yes, but I've never actually ever seen this method called by anything.
Either way, however, I added a null check.

- James

Garrett Rooney wrote:
> On 4/18/07, jmsnell@apache.org <jm...@apache.org> wrote:
> 
>> +  @Override
>> +  public String authenticate(
>> +    Credentials credentials,
>> +    String method,
>> +    String uri)
>> +      throws AuthenticationException {
>> +    return authenticate(credentials, null);
>> +  }
> 
> Isn't this going to give a null pointer exception at the end of the
> other authenticate exception?  When it calls
> method.addRequestHeader()?
> 
> -garrett
>

Re: svn commit: r530151 - in /incubator/abdera/java/trunk/extensions/src/main/java/org/apache/abdera/ext/wsse: ./ WSSEAuthScheme.java

Posted by Garrett Rooney <ro...@electricjellyfish.net>.

On 4/18/07, jmsnell@apache.org <jm...@apache.org> wrote:

> +  @Override
> +  public String authenticate(
> +    Credentials credentials,
> +    String method,
> +    String uri)
> +      throws AuthenticationException {
> +    return authenticate(credentials, null);
> +  }

Isn't this going to give a null pointer exception at the end of the
other authenticate exception?  When it calls
method.addRequestHeader()?

-garrett