Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save anton-x-t/43a298607937c46bbdf9e102ddeec332 to your computer and use it in GitHub Desktop.
Save anton-x-t/43a298607937c46bbdf9e102ddeec332 to your computer and use it in GitHub Desktop.
SOAP JAX WS Password Digest Nonce Date Created Handler generator
// Thank you very much eogiles for earlier written code, credit goes to you.
// Thank you very much javajack for earlier written code, credit goes to you.
// License for this code: cc by-sa 3.0
// Please get Maven in order for this code to work.
// Please get your own imports, you'll probably have to get commons-codec manually by adding it to your POM in Maven:
// <!-- https://mvnrepository.com/artifact/commons-codec/commons-codec
// To be able to convert to Base64 when making the PasswordDigest token. -->
// <dependency>
// <groupId>commons-codec</groupId>
// <artifactId>commons-codec</artifactId>
// <version>1.11</version>
// </dependency>
// On building a complete security header including nonce, createdTime and passwordDigest,
// thank you eogiles and Rakesh Waghela (javajack), https://gist.github.com/propatience/43a298607937c46bbdf9e102ddeec332
private static String[] buildSecurityHeader(String passwordParam) throws IOException, NoSuchAlgorithmException {
String password = passwordParam;
// From the spec: Password_Digest = Base64 ( SHA-1 ( nonce + created + password ) )
// Make the nonce
SecureRandom rand = SecureRandom.getInstance("SHA1PRNG");
rand.setSeed(System.currentTimeMillis());
byte[] nonceBytes = new byte[16];
rand.nextBytes(nonceBytes);
// Make the created date
DateFormat df = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'");
df.setTimeZone(TimeZone.getTimeZone("UTC"));
String createdDate = df.format(Calendar.getInstance().getTime());
byte[] createdDateBytes = createdDate.getBytes("UTF-8");
// Make the password
byte[] passwordBytes = password.getBytes("UTF-8");
// SHA-1 hash the bunch of it.
ByteArrayOutputStream baos = new ByteArrayOutputStream();
baos.write(nonceBytes);
baos.write(createdDateBytes);
baos.write(passwordBytes);
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] digestedPassword = md.digest(baos.toByteArray());
// Encode the password and nonce for sending
// String passwordB64 = (new BASE64Encoder()).encode(digestedPassword);
// On "Base64Encoder cannot be resolved", thank you Sai, https://stackoverflow.com/q/6526883
byte[] passwordDigestB64 = org.apache.commons.codec.binary.Base64.encodeBase64(digestedPassword);
String passwordDigest = new String(passwordDigestB64);
byte[] nonceB64 = org.apache.commons.codec.binary.Base64.encodeBase64(nonceBytes);
String nonce = new String(nonceB64);
// On initializing String[], thank you glmxndr, https://stackoverflow.com/q/1200621
String returnString[] = new String[3];
returnString[0] = nonce;
returnString[1] = createdDate;
returnString[2] = passwordDigest;
return returnString;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment