abdera-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jmsn...@apache.org
Subject svn commit: r530151 - in /incubator/abdera/java/trunk/extensions/src/main/java/org/apache/abdera/ext/wsse: ./ WSSEAuthScheme.java
Date Wed, 18 Apr 2007 20:49:03 GMT
Author: jmsnell
Date: Wed Apr 18 13:49:02 2007
New Revision: 530151

URL: http://svn.apache.org/viewvc?view=rev&rev=530151
Log:
WSSE auth implementation

Added:
    incubator/abdera/java/trunk/extensions/src/main/java/org/apache/abdera/ext/wsse/
    incubator/abdera/java/trunk/extensions/src/main/java/org/apache/abdera/ext/wsse/WSSEAuthScheme.java

Added: incubator/abdera/java/trunk/extensions/src/main/java/org/apache/abdera/ext/wsse/WSSEAuthScheme.java
URL: http://svn.apache.org/viewvc/incubator/abdera/java/trunk/extensions/src/main/java/org/apache/abdera/ext/wsse/WSSEAuthScheme.java?view=auto&rev=530151
==============================================================================
--- incubator/abdera/java/trunk/extensions/src/main/java/org/apache/abdera/ext/wsse/WSSEAuthScheme.java
(added)
+++ incubator/abdera/java/trunk/extensions/src/main/java/org/apache/abdera/ext/wsse/WSSEAuthScheme.java
Wed Apr 18 13:49:02 2007
@@ -0,0 +1,120 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements.  The ASF licenses this file to You
+* under the Apache License, Version 2.0 (the "License"); you may not
+* use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.  For additional information regarding
+* copyright in this work, please see the NOTICE file in the top level
+* directory of this distribution.
+*/
+package org.apache.abdera.ext.wsse;
+
+import java.security.MessageDigest;
+import java.security.SecureRandom;
+import java.util.Date;
+
+import org.apache.abdera.model.AtomDate;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.codec.binary.Hex;
+import org.apache.commons.httpclient.Credentials;
+import org.apache.commons.httpclient.HttpMethod;
+import org.apache.commons.httpclient.UsernamePasswordCredentials;
+import org.apache.commons.httpclient.auth.AuthScheme;
+import org.apache.commons.httpclient.auth.AuthenticationException;
+import org.apache.commons.httpclient.auth.RFC2617Scheme;
+
+/**
+ * WSSE Auth Scheme implementation for use with HTTP Commons Client
+ * Some APP implementations use WSSE for authentication
+ * 
+ * @see http://www.xml.com/pub/a/2003/12/17/dive.html
+ */
+public class WSSEAuthScheme
+  extends RFC2617Scheme
+  implements AuthScheme {
+
+  private final int NONCE_LENGTH = 16;
+  
+  @Override
+  public String authenticate(
+    Credentials credentials, 
+    HttpMethod method) 
+      throws AuthenticationException {
+    if (credentials instanceof UsernamePasswordCredentials) {
+      UsernamePasswordCredentials creds = (UsernamePasswordCredentials) credentials;
+      AtomDate now = new AtomDate(new Date());
+      String nonce = generateNonce();
+      String digest = generatePasswordDigest(creds.getPassword(), nonce, now);
+      String username = creds.getUserName();
+      
+      String wsse = "UsernameToken Username=\"" + username + "\", " +
+                    "PasswordDigest=\"" + digest + "\", " +
+                    "Nonce=\"" + nonce + "\", " +
+                    "Created=\"" + now.getValue() + "\"";
+      method.addRequestHeader("X-WSSE", wsse);
+      return "WSSE profile=\"UsernameToken\"";
+    } else {
+      return null;
+    }
+  }
+  
+  private String generatePasswordDigest(
+    String password, 
+    String nonce, 
+    AtomDate date) 
+      throws AuthenticationException {
+    String temp = nonce + date.getValue() + password;
+    try {
+      MessageDigest md = MessageDigest.getInstance("SHA1");
+      return new String(Base64.encodeBase64(md.digest(temp.getBytes())));
+    } catch (Exception e) {
+      throw new AuthenticationException(e.getMessage(), e);
+    }
+  }
+  
+  private String generateNonce()
+    throws AuthenticationException {
+      try {
+        SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
+        byte[] temp = new byte[NONCE_LENGTH];
+        sr.nextBytes(temp);
+        String n = new String(Hex.encodeHex(temp));
+        return n;
+      } catch (Exception e) {
+        throw new AuthenticationException(e.getMessage(),e);
+      }
+  }
+
+  @Override
+  public String authenticate(
+    Credentials credentials, 
+    String method, 
+    String uri) 
+      throws AuthenticationException {
+    return authenticate(credentials, null);
+  }
+
+  @Override
+  public String getSchemeName() {
+    return "WSSE";
+  }
+
+  @Override
+  public boolean isComplete() {
+    return true;
+  }
+
+  @Override
+  public boolean isConnectionBased() {
+    return false;
+  } 
+
+}



Mime
View raw message