1. 技术文章
  2. How to do WSSE Authentication implementation in android java according to php part within webserver?

How to do WSSE Authentication implementation in android java according to php part within webserver?

时光总嘲笑我的痴心妄想 提交于 2019-12-21 06:42:01

问题


I use symfony2 for web server and use wsse authentication with x-wsse header.

The question actually is about which exact functions I should use in Java to give the same result as in PHP.

PHP part for header generation:

$nonce = substr( md5( uniqid( 'nonce_', true ) ), 0, 16 );
$nonceHigh = base64_encode( $nonce );
$passwordDigest = base64_encode( sha1( $nonce . $created . $password . "{" . $user->getSalt() . "}", true ) );
$header = "UsernameToken Username=\"{$username}\", PasswordDigest=\"{$passwordDigest}\", Nonce=\"{$nonceHigh}\", Created=\"{$created}\"";

PHP part for header verify:

$expected = base64_encode( sha1( base64_decode( $nonce ) . $created . $secret, true ) );

I don't know why it uses nonceHigh instead of nonce directly? I believe this cause the problem in java. And I also don't know should generate nonce or use the one generate from server. In order to do the compare, I reused the nonce from server to generate digest.

byte [] nonceLow = Base64.decode(nonceHigh, Base64.DEFAULT); // nonceHigh is from above
String nonce = String.valueOf(nonceLow); // this give strange result. is it wrong?
String temp = nonce + format(now) + password;
try {
    MessageDigest md = MessageDigest.getInstance("SHA1");
    //new String(Base64.encodeBase64(md.digest(temp.getBytes())));
    digest = Base64.encodeToString(md.digest(temp.getBytes("UTF-8")), Base64.DEFAULT);
} catch (Exception e) {
    throw new AuthenticationException(e.getMessage(), e);
}

String wsse =
    "UsernameToken Username=\"" + username
        + "\", "
        + "PasswordDigest=\""
        + digest
        + "\", "
        + "Nonce=\""
        + nonceHIGH
        + "\", "
        + "Created=\""
        + format(now)
        + "\"";

Question is:

  1. Why PHP uses nonceHight instead of nonce?
  2. android java Base64.encodeToString() == php base64_encode()?
  3. android java Base64.decode() == php base64_decode()?

回答1:


Nobody answer. Ok, I put my found here in case somebody meet the same issue. This solve the problem.

Base64.encodeToString(temp.getBytes("ISO-8859-1"), Base64.NO_WRAP);


来源:https://stackoverflow.com/questions/16782685/how-to-do-wsse-authentication-implementation-in-android-java-according-to-php-pa

标签
java
php
encryption
ws-security
wsse
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!