I am using jboss 5.1.0.GA and jbossws-3.1.2.GA.
I am attempting to verify the password digest on the server side outside of the Jaas module like so
private void testSHA(String nonce, String created, String passwordDigest) {
Base64 encoder = new Base64();
String concat = nonce + created + "password";
try {
MessageDigest md = MessageDigest.getInstance("SHA1");
md.update(concat.getBytes());
byte[] arr = md.digest();
String fin = encoder.encodeBase64String(arr);
System.out.println("fin: "+fin);
System.out.println("dig: "+pd);
} catch (NoSuchAlgorithmException ex) {
Logger.getLogger(NtcssWsSecurityServer.class.getName()).log(Level.SEVERE, null, ex);
}
}
All values are pulled off the soap header and the "password" is shared.
If I use SOAP UI to submit the request, with nonce,created, and password digest I can never get the digest to match up. Also It looks like the nonce is Base64 encoded and Hashed at the server.
What Am I missing.
Thanks