I use symfony2 for web server and use wsse authentication with x-wsse header.
The question actually is about which exact functions I should use in Java to give the same result as in PHP.
PHP part for header generation:
$nonce = substr( md5( uniqid( 'nonce_', true ) ), 0, 16 );
$nonceHigh = base64_encode( $nonce );
$passwordDigest = base64_encode( sha1( $nonce . $created . $password . "{" . $user->getSalt() . "}", true ) );
$header = "UsernameToken Username=\"{$username}\", PasswordDigest=\"{$passwordDigest}\", Nonce=\"{$nonceHigh}\", Created=\"{$created}\"";
PHP part for header verify:
$expected = base64_encode( sha1( base64_decode( $nonce ) . $created . $secret, true ) );
I don't know why it uses nonceHigh instead of nonce directly? I believe this cause the problem in java. And I also don't know should generate nonce or use the one generate from server. In order to do the compare, I reused the nonce from server to generate digest.
byte [] nonceLow = Base64.decode(nonceHigh, Base64.DEFAULT); // nonceHigh is from above
String nonce = String.valueOf(nonceLow); // this give strange result. is it wrong?
String temp = nonce + format(now) + password;
try {
MessageDigest md = MessageDigest.getInstance("SHA1");
//new String(Base64.encodeBase64(md.digest(temp.getBytes())));
digest = Base64.encodeToString(md.digest(temp.getBytes("UTF-8")), Base64.DEFAULT);
} catch (Exception e) {
throw new AuthenticationException(e.getMessage(), e);
}
String wsse =
"UsernameToken Username=\"" + username
+ "\", "
+ "PasswordDigest=\""
+ digest
+ "\", "
+ "Nonce=\""
+ nonceHIGH
+ "\", "
+ "Created=\""
+ format(now)
+ "\"";
Question is:
- Why PHP uses nonceHight instead of nonce?
- android java
Base64.encodeToString() == php base64_encode()? - android java
Base64.decode() == php base64_decode()?
