annotate bindings/as3/ext/com/adobe/crypto/WSSEUsernameToken.as @ 770:c54bc2ffbf92 tip

update tags
author convert-repo
date Fri, 16 Dec 2011 11:34:01 +0000
parents 3a0b9700b3d2
mas01mj@732 1 /*
mas01mj@732 2 Copyright (c) 2008, Adobe Systems Incorporated
mas01mj@732 3 All rights reserved.
mas01mj@732 4
mas01mj@732 5 Redistribution and use in source and binary forms, with or without
mas01mj@732 6 modification, are permitted provided that the following conditions are
mas01mj@732 7 met:
mas01mj@732 8
mas01mj@732 9 * Redistributions of source code must retain the above copyright notice,
mas01mj@732 10 this list of conditions and the following disclaimer.
mas01mj@732 11
mas01mj@732 12 * Redistributions in binary form must reproduce the above copyright
mas01mj@732 13 notice, this list of conditions and the following disclaimer in the
mas01mj@732 14 documentation and/or other materials provided with the distribution.
mas01mj@732 15
mas01mj@732 16 * Neither the name of Adobe Systems Incorporated nor the names of its
mas01mj@732 17 contributors may be used to endorse or promote products derived from
mas01mj@732 18 this software without specific prior written permission.
mas01mj@732 19
mas01mj@732 20 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
mas01mj@732 21 IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
mas01mj@732 22 THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
mas01mj@732 23 PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
mas01mj@732 24 CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
mas01mj@732 25 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
mas01mj@732 26 PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
mas01mj@732 27 PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
mas01mj@732 28 LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
mas01mj@732 29 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
mas01mj@732 30 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
mas01mj@732 31 */
mas01mj@732 32
mas01mj@732 33 package com.adobe.crypto
mas01mj@732 34 {
mas01mj@732 35 import mx.formatters.DateFormatter;
mas01mj@732 36 import mx.utils.Base64Encoder;
mas01mj@732 37
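/**
 * Web Services Security Username Token
 *
 * Implementation based on algorithm description at
 * http://www.oasis-open.org/committees/wss/documents/WSS-Username-02-0223-merged.pdf
 *
 * Security notes for integrators:
 * - The token carries Nonce and Created in the clear next to
 *   Base64(SHA-1(nonce + created + password)), so anyone who captures a
 *   token holds everything needed to test password guesses offline.
 *   Send it only over an encrypted, authenticated transport.
 * - Replay resistance depends on the receiver remembering nonces and
 *   rejecting stale Created values; nothing in this class enforces it.
 */
public class WSSEUsernameToken
{
    /**
     * Generates a WSSE Username Token.
     *
     * @param username The username. It is inserted into the quoted
     *        Username field as-is; see the NOTE(review) in the body.
     * @param password The password
     * @param nonce A cryptographically random nonce. If null, a fallback
     *        nonce is generated from Math.random(), which is NOT
     *        cryptographically strong; callers that need an
     *        unpredictable nonce should supply their own.
     * @param timestamp The time at which the token is generated (if null,
     *        the time will be set to the moment of execution)
     * @return The generated token
     * @langversion ActionScript 3.0
     * @playerversion Flash 9.0
     * @tiptext
     */
    public static function getUsernameToken(username:String, password:String, nonce:String=null, timestamp:Date=null):String
    {
        if (nonce == null)
        {
            nonce = generateNonce();
        }
        // From here on "nonce" is the Base64 text. The same encoded form is
        // used both in the header and as digest input.
        // NOTE(review): some WSSE receivers hash the decoded nonce octets
        // instead -- confirm which form the target server expects.
        nonce = base64Encode(nonce);

        var created:String = generateTimestamp(timestamp);
        var password64:String = getBase64Digest(nonce, created, password);

        // NOTE(review): username is not escaped. A value containing a
        // double quote would terminate the quoted field early and change
        // how the receiver parses the remaining fields -- validate or
        // reject such usernames before calling.
        return "UsernameToken Username=\"" + username + "\", " +
            "PasswordDigest=\"" + password64 + "\", " +
            "Nonce=\"" + nonce + "\", " +
            "Created=\"" + created + "\"";
    }

    /**
     * Produces the fallback nonce used when the caller passes none.
     *
     * SECURITY: Math.random() is a general-purpose generator, not a
     * cryptographic one, so these nonces may be predictable. They are
     * adequate only as a uniqueness hint. Left unchanged because this
     * file targets Flash 9.0 and no stronger source is in scope here.
     */
    private static function generateNonce():String
    {
        // Math.random returns a Number between 0 and 1. We don't want our
        // nonce to contain invalid characters (e.g. the period) so we
        // strip them out before returning the result.
        var s:String = Math.random().toString();
        return s.replace(".", "");
    }

    /**
     * Base64-encodes a string with mx.utils.Base64Encoder.
     *
     * @param s The text to encode
     * @return The Base64 text
     */
    internal static function base64Encode(s:String):String
    {
        var encoder:Base64Encoder = new Base64Encoder();
        encoder.encode(s);
        return encoder.flush();
    }

    /**
     * Formats a Date as "YYYY-MM-DDTHH:MM:SSZ".
     *
     * The trailing "Z" marks the value as UTC, so the fields are read
     * with the UTC accessors. Formatting local-time fields and appending
     * "Z" mislabels the instant on any client whose zone is not UTC,
     * which skews the receiver's freshness check by the zone offset.
     *
     * @param timestamp The instant to format (if null, the current time)
     * @return The UTC timestamp string
     */
    internal static function generateTimestamp(timestamp:Date):String
    {
        if (timestamp == null)
        {
            timestamp = new Date();
        }
        return String(timestamp.getUTCFullYear()) + "-" +
            pad2(timestamp.getUTCMonth() + 1) + "-" +   // months are 0-based
            pad2(timestamp.getUTCDate()) + "T" +
            pad2(timestamp.getUTCHours()) + ":" +
            pad2(timestamp.getUTCMinutes()) + ":" +
            pad2(timestamp.getUTCSeconds()) + "Z";
    }

    /** Left-pads a non-negative number below 100 to two digits. */
    private static function pad2(n:Number):String
    {
        return (n < 10 ? "0" : "") + String(n);
    }

    /**
     * Computes Base64(SHA-1(nonce + created + password)).
     *
     * @param nonce The nonce text exactly as it should be hashed
     * @param created The Created timestamp string
     * @param password The clear-text password
     * @return The Base64-encoded digest
     */
    internal static function getBase64Digest(nonce:String, created:String, password:String):String
    {
        return SHA1.hashToBase64(nonce + created + password);
    }
}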
mas01mj@732 114 }