SOAP Web Service Tutorials - Herong's Tutorial Examples - v5.13, by Herong Yang
Password Digest Validation Program
A Java program, WsuPasswordDigestValidation.java, is provided in this tutorial to demonstrate how the WSU Password Digest value is calculated. It can also be used to manually valid any WSS request that uses the Username Token.
In order to demonstrate the WSU Password Digest generation process, I wrote the following Java program, WsuPasswordDigestValidation.java. It contains 3 sets of input examples.
/* WsuPasswordDigestValidation.java * Copyright (c) 2009 HerongYang.com. All Rights Reserved. */ import java.util.Base64; import java.io.ByteArrayOutputStream; import java.security.MessageDigest; public class WsuPasswordDigestValidation { public static void main(String[] args) { String pwd; String created; String nonce; String passwordDigest; System.out.println(); System.out.println("Test example 1"); pwd = "iLoveDogs"; created = "2014-06-21T12:43:21.791Z"; nonce = "0TBQcVnd9H4uGi1jGxqJWg=="; passwordDigest = "SjUQn7b8qSr5x4WOg9YLieSe2to="; verify(nonce, created, pwd, passwordDigest); System.out.println(); System.out.println("Test example 2"); pwd = "iLoveDogs"; created = "2014-06-21T12:43:21.791Z"; nonce = "0TBQcVnd9H4uGi1jGxqJWg=="; passwordDigest = "PfZyE8nQQR2rAsODn7iVGaf8hD8="; verify(nonce, created, pwd, passwordDigest); System.out.println(); System.out.println("Test example 3"); pwd = "iLoveDogs"; created = "2014-07-24T02:30:11.010Z"; nonce = "v7FxYg7FZGsHbuFtIVWhCA=="; passwordDigest = "JPyw/4MeEoEGmR9sOcBqzjGZc6U="; verify(nonce, created, pwd, passwordDigest); } public static void verify(String nonce, String created, String pwd, String passwordDigest) { try { byte[] nonceBytes = Base64.getDecoder().decode(nonce); byte[] createdBytes = created.getBytes("UTF-8"); byte[] passwordBytes = pwd.getBytes("UTF-8"); ByteArrayOutputStream outputStream = new ByteArrayOutputStream( ); outputStream.write(nonceBytes); outputStream.write(createdBytes); outputStream.write(passwordBytes); byte[] concatenatedBytes = outputStream.toByteArray(); MessageDigest digest = MessageDigest.getInstance( "SHA-1" ); digest.update(concatenatedBytes, 0, concatenatedBytes.length); byte[] digestBytes = digest.digest(); String digestString = Base64.getEncoder().encodeToString(digestBytes); String result = ""; if (digestString.equals(passwordDigest)) { result = "valid"; } else { result = "invalid"; } System.out.println("Provided password digest is: "+result); System.out.println(" Nonce: "+nonce); System.out.println(" Timestamp: "+created); System.out.println(" Password: "+pwd); System.out.println(" Computed digest: "+digestString); System.out.println(" Provided digest: "+passwordDigest); } catch (Exception e) { e.printStackTrace(); } } }
Compiling and running WsuPasswordDigestValidation.java requires JDK 1.8 or higher, because java.util.Base64 class is used. Here is the execution output:
Test example 1 Provided password digest is: invalid Nonce: 0TBQcVnd9H4uGi1jGxqJWg== Timestamp: 2014-06-21T12:43:21.791Z Password: iLoveDogs Computed digest: PfZyE8nQQR2rAsODn7iVGaf8hD8= Provided digest: SjUQn7b8qSr5x4WOg9YLieSe2to= Test example 2 Provided password digest is: valid Nonce: 0TBQcVnd9H4uGi1jGxqJWg== Timestamp: 2014-06-21T12:43:21.791Z Password: iLoveDogs Computed digest: PfZyE8nQQR2rAsODn7iVGaf8hD8= Provided digest: PfZyE8nQQR2rAsODn7iVGaf8hD8= Test example 3 Provided password digest is: valid Nonce: v7FxYg7FZGsHbuFtIVWhCA== Timestamp: 2014-07-24T02:30:11.010Z Password: iLoveDogs Computed digest: JPyw/4MeEoEGmR9sOcBqzjGZc6U= Provided digest: JPyw/4MeEoEGmR9sOcBqzjGZc6U=
You can also modify WsuPasswordDigestValidation.java to validate any WSU request you received by changing input values.
Table of Contents
Introduction to SOAP (Simple Object Access Protocol)
SOAP Message Transmission and Processing
SOAP MEP (Message Exchange Patterns)
PHP SOAP Extension Client Programs
PHP SOAP Extension Server Programs
PHP SOAP Web Service Example - getTemp
Perl SOAP::Lite - SOAP Server-Client Communication Module
Perl Socket Test Program for HTTP and SOAP
Perl SOAP::Lite for NumberToWords SOAP 1.1 Web Service
Perl SOAP::Lite for SOAP 1.2 Web Services
Java Socket and HttpURLConnection for SOAP
SAAJ - SOAP with Attachments API for Java
SoapUI - SOAP Web Service Testing Tool
►WS-Security - SOAP Message Security Extension
Using XML Signature and Encryption with WSS
SOAP Header Element "Security"
What Is WS-Security Username Token Profile
SoapUI Configuration for Username Token
Generating Username Token with SoapUI
Validating wsse:Password Digest String
►Password Digest Validation Program
WS-Security X.509 Certificate Token
Perl SOAP::Lite for GetSpeech SOAP 1.1 Web Service
Perl SOAP::Lite 0.710 for SOAP 1.2 Web Services
Perl SOAP::Lite 0.710 for WSDL