colonymech / docs / www / colonyscout / internal / includes / uploadify / com / adobe / crypto / WSSEUsernameToken.as @ f59acf11
History | View | Annotate | Download (3.83 KB)
1 |
/* |
---|---|
2 |
Copyright (c) 2008, Adobe Systems Incorporated |
3 |
All rights reserved. |
4 |
|
5 |
Redistribution and use in source and binary forms, with or without |
6 |
modification, are permitted provided that the following conditions are |
7 |
met: |
8 |
|
9 |
* Redistributions of source code must retain the above copyright notice, |
10 |
this list of conditions and the following disclaimer. |
11 |
|
12 |
* Redistributions in binary form must reproduce the above copyright |
13 |
notice, this list of conditions and the following disclaimer in the |
14 |
documentation and/or other materials provided with the distribution. |
15 |
|
16 |
* Neither the name of Adobe Systems Incorporated nor the names of its |
17 |
contributors may be used to endorse or promote products derived from |
18 |
this software without specific prior written permission. |
19 |
|
20 |
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS |
21 |
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, |
22 |
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
23 |
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR |
24 |
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
25 |
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
26 |
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR |
27 |
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF |
28 |
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
29 |
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS |
30 |
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
31 |
*/ |
32 |
|
33 |
package com.adobe.crypto |
34 |
{ |
35 |
import mx.formatters.DateFormatter; |
36 |
import mx.utils.Base64Encoder; |
37 |
|
38 |
/** |
39 |
* Web Services Security Username Token |
40 |
* |
41 |
* Implementation based on algorithm description at |
42 |
* http://www.oasis-open.org/committees/wss/documents/WSS-Username-02-0223-merged.pdf |
43 |
*/ |
44 |
public class WSSEUsernameToken |
45 |
{ |
46 |
/** |
47 |
* Generates a WSSE Username Token. |
48 |
* |
49 |
* @param username The username |
50 |
* @param password The password |
51 |
* @param nonce A cryptographically random nonce (if null, the nonce |
52 |
* will be generated) |
53 |
* @param timestamp The time at which the token is generated (if null, |
54 |
* the time will be set to the moment of execution) |
55 |
* @return The generated token |
56 |
* @langversion ActionScript 3.0 |
57 |
* @playerversion Flash 9.0 |
58 |
* @tiptext |
59 |
*/ |
60 |
public static function getUsernameToken(username:String, password:String, nonce:String=null, timestamp:Date=null):String |
61 |
{ |
62 |
if (nonce == null) |
63 |
{ |
64 |
nonce = generateNonce(); |
65 |
} |
66 |
nonce = base64Encode(nonce); |
67 |
|
68 |
var created:String = generateTimestamp(timestamp); |
69 |
|
70 |
var password64:String = getBase64Digest(nonce, |
71 |
created, |
72 |
password); |
73 |
|
74 |
var token:String = new String("UsernameToken Username=\""); |
75 |
token += username + "\", " + |
76 |
"PasswordDigest=\"" + password64 + "\", " + |
77 |
"Nonce=\"" + nonce + "\", " + |
78 |
"Created=\"" + created + "\""; |
79 |
return token; |
80 |
} |
81 |
|
82 |
private static function generateNonce():String |
83 |
{ |
84 |
// Math.random returns a Number between 0 and 1. We don't want our |
85 |
// nonce to contain invalid characters (e.g. the period) so we |
86 |
// strip them out before returning the result. |
87 |
var s:String = Math.random().toString(); |
88 |
return s.replace(".", ""); |
89 |
} |
90 |
|
91 |
internal static function base64Encode(s:String):String |
92 |
{ |
93 |
var encoder:Base64Encoder = new Base64Encoder(); |
94 |
encoder.encode(s); |
95 |
return encoder.flush(); |
96 |
} |
97 |
|
98 |
internal static function generateTimestamp(timestamp:Date):String |
99 |
{ |
100 |
if (timestamp == null) |
101 |
{ |
102 |
timestamp = new Date(); |
103 |
} |
104 |
var dateFormatter:DateFormatter = new DateFormatter(); |
105 |
dateFormatter.formatString = "YYYY-MM-DDTJJ:NN:SS" |
106 |
return dateFormatter.format(timestamp) + "Z"; |
107 |
} |
108 |
|
109 |
internal static function getBase64Digest(nonce:String, created:String, password:String):String |
110 |
{ |
111 |
return SHA1.hashToBase64(nonce + created + password); |
112 |
} |
113 |
} |
114 |
} |