
mas01mj@732: /*
mas01mj@732:   Copyright (c) 2008, Adobe Systems Incorporated
mas01mj@732:   All rights reserved.
mas01mj@732: 
mas01mj@732:   Redistribution and use in source and binary forms, with or without 
mas01mj@732:   modification, are permitted provided that the following conditions are
mas01mj@732:   met:
mas01mj@732: 
mas01mj@732:   * Redistributions of source code must retain the above copyright notice, 
mas01mj@732:     this list of conditions and the following disclaimer.
mas01mj@732:   
mas01mj@732:   * Redistributions in binary form must reproduce the above copyright
mas01mj@732:     notice, this list of conditions and the following disclaimer in the 
mas01mj@732:     documentation and/or other materials provided with the distribution.
mas01mj@732:   
mas01mj@732:   * Neither the name of Adobe Systems Incorporated nor the names of its 
mas01mj@732:     contributors may be used to endorse or promote products derived from 
mas01mj@732:     this software without specific prior written permission.
mas01mj@732: 
mas01mj@732:   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
mas01mj@732:   IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
mas01mj@732:   THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
mas01mj@732:   PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 
mas01mj@732:   CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
mas01mj@732:   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
mas01mj@732:   PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
mas01mj@732:   PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
mas01mj@732:   LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
mas01mj@732:   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
mas01mj@732:   SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
mas01mj@732: */
mas01mj@732: 
mas01mj@732: package com.adobe.crypto
mas01mj@732: {
mas01mj@732: 	import mx.formatters.DateFormatter;
mas01mj@732: 	import mx.utils.Base64Encoder;
mas01mj@732: 	
mas01mj@732: 	/**
mas01mj@732: 	 * Web Services Security Username Token
mas01mj@732: 	 *
mas01mj@732: 	 * Implementation based on algorithm description at 
mas01mj@732: 	 * http://www.oasis-open.org/committees/wss/documents/WSS-Username-02-0223-merged.pdf
mas01mj@732: 	 */
mas01mj@732: 	public class WSSEUsernameToken
mas01mj@732: 	{
mas01mj@732: 		/**
mas01mj@732: 		 * Generates a WSSE Username Token.
mas01mj@732: 		 *
mas01mj@732: 		 * @param username The username
mas01mj@732: 		 * @param password The password
mas01mj@732: 		 * @param nonce A cryptographically random nonce (if null, the nonce
mas01mj@732: 		 * will be generated)
mas01mj@732: 		 * @param timestamp The time at which the token is generated (if null,
mas01mj@732: 		 * the time will be set to the moment of execution)
mas01mj@732: 		 * @return The generated token
mas01mj@732: 		 * @langversion ActionScript 3.0
mas01mj@732: 		 * @playerversion Flash 9.0
mas01mj@732: 		 * @tiptext
mas01mj@732: 		 */
mas01mj@732: 		public static function getUsernameToken(username:String, password:String, nonce:String=null, timestamp:Date=null):String
mas01mj@732: 		{
mas01mj@732: 			if (nonce == null)
mas01mj@732: 			{
mas01mj@732: 				nonce = generateNonce();
mas01mj@732: 			}
mas01mj@732: 			nonce = base64Encode(nonce);
mas01mj@732: 		
mas01mj@732: 			var created:String = generateTimestamp(timestamp);
mas01mj@732: 		
mas01mj@732: 			var password64:String = getBase64Digest(nonce,
mas01mj@732: 				created,
mas01mj@732: 				password);
mas01mj@732: 		
mas01mj@732: 			var token:String = new String("UsernameToken Username=\"");
mas01mj@732: 			token += username + "\", " +
mas01mj@732: 					 "PasswordDigest=\"" + password64 + "\", " +
mas01mj@732: 					 "Nonce=\"" + nonce + "\", " +
mas01mj@732: 					 "Created=\"" + created + "\"";
mas01mj@732: 			return token;
mas01mj@732: 		}
mas01mj@732: 		
mas01mj@732: 		private static function generateNonce():String
mas01mj@732: 		{
mas01mj@732: 			// Math.random returns a Number between 0 and 1.  We don't want our
mas01mj@732: 			// nonce to contain invalid characters (e.g. the period) so we
mas01mj@732: 			// strip them out before returning the result.
mas01mj@732: 			var s:String =  Math.random().toString();
mas01mj@732: 			return s.replace(".", "");
mas01mj@732: 		}
mas01mj@732: 		
mas01mj@732: 		internal static function base64Encode(s:String):String
mas01mj@732: 		{
mas01mj@732: 			var encoder:Base64Encoder = new Base64Encoder();
mas01mj@732: 			encoder.encode(s);
mas01mj@732: 			return encoder.flush();
mas01mj@732: 		}
mas01mj@732: 		
mas01mj@732: 		internal static function generateTimestamp(timestamp:Date):String
mas01mj@732: 		{
mas01mj@732: 			if (timestamp == null)
mas01mj@732: 			{
mas01mj@732: 				timestamp = new Date();
mas01mj@732: 			}
mas01mj@732: 			var dateFormatter:DateFormatter = new DateFormatter();
mas01mj@732: 			dateFormatter.formatString = "YYYY-MM-DDTJJ:NN:SS"
mas01mj@732: 			return dateFormatter.format(timestamp) + "Z";
mas01mj@732: 		}
mas01mj@732: 		
mas01mj@732: 		internal static function getBase64Digest(nonce:String, created:String, password:String):String
mas01mj@732: 		{
mas01mj@732: 			return SHA1.hashToBase64(nonce + created + password);
mas01mj@732: 		}
mas01mj@732: 	}
mas01mj@732: }