[jboss-user] [JBoss Web Services] - JBOSS-WS verify password Digest manually at the server

[Ken Barnes]

Ken Barnes [https://community.jboss.org/people/kenbarnes] created the discussion

"JBOSS-WS verify password Digest manually at the server"

To view the discussion, visit: https://community.jboss.org/message/744889#744889

--------------------------------------------------------------
I am using jboss 5.1.0.GA and jbossws-3.1.2.GA.

I am attempting to verify the password digest on the server side outside of the Jaas module like so 

private void testSHA(String nonce, String created, String passwordDigest) {
        Base64 encoder = new Base64();
        String concat = nonce + created + "password";
        try {
            MessageDigest md = MessageDigest.getInstance("SHA1");            
            md.update(concat.getBytes());
            byte[] arr = md.digest();
            String fin = encoder.encodeBase64String(arr);
            System.out.println("fin: "+fin);
            System.out.println("dig: "+pd);
        } catch (NoSuchAlgorithmException ex) {
            Logger.getLogger(NtcssWsSecurityServer.class.getName()).log(Level.SEVERE, null, ex);
        }
    }
All values are pulled off the soap header and the "password" is shared.
If I use SOAP UI to submit the request, with nonce,created, and password digest I can never get the digest to match up. Also It looks like the nonce is Base64 encoded and Hashed at the server.
What Am I missing.
Thanks
--------------------------------------------------------------

Reply to this message by going to Community
[https://community.jboss.org/message/744889#744889]

Start a new discussion in JBoss Web Services at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20120628/c2d6a8b0/attachment-0001.html