+/*\r
+ Copyright (c) 2008, Adobe Systems Incorporated\r
+ All rights reserved.\r
+\r
+ Redistribution and use in source and binary forms, with or without \r
+ modification, are permitted provided that the following conditions are\r
+ met:\r
+\r
+ * Redistributions of source code must retain the above copyright notice, \r
+ this list of conditions and the following disclaimer.\r
+ \r
+ * Redistributions in binary form must reproduce the above copyright\r
+ notice, this list of conditions and the following disclaimer in the \r
+ documentation and/or other materials provided with the distribution.\r
+ \r
+ * Neither the name of Adobe Systems Incorporated nor the names of its \r
+ contributors may be used to endorse or promote products derived from \r
+ this software without specific prior written permission.\r
+\r
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS\r
+ IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\r
+ THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\r
+ PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR \r
+ CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,\r
+ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,\r
+ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR\r
+ PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF\r
+ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING\r
+ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\r
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\r
+*/\r
+\r
+package com.adobe.crypto\r
+{\r
+ import mx.formatters.DateFormatter;\r
+ import mx.utils.Base64Encoder;\r
+ \r
+ /**\r
+ * Web Services Security Username Token\r
+ *\r
+ * Implementation based on algorithm description at \r
+ * http://www.oasis-open.org/committees/wss/documents/WSS-Username-02-0223-merged.pdf\r
+ */\r
+ public class WSSEUsernameToken\r
+ {\r
+ /**\r
+ * Generates a WSSE Username Token.\r
+ *\r
+ * @param username The username\r
+ * @param password The password\r
+ * @param nonce A cryptographically random nonce (if null, the nonce\r
+ * will be generated)\r
+ * @param timestamp The time at which the token is generated (if null,\r
+ * the time will be set to the moment of execution)\r
+ * @return The generated token\r
+ * @langversion ActionScript 3.0\r
+ * @playerversion Flash 9.0\r
+ * @tiptext\r
+ */\r
+ public static function getUsernameToken(username:String, password:String, nonce:String=null, timestamp:Date=null):String\r
+ {\r
+ if (nonce == null)\r
+ {\r
+ nonce = generateNonce();\r
+ }\r
+ nonce = base64Encode(nonce);\r
+ \r
+ var created:String = generateTimestamp(timestamp);\r
+ \r
+ var password64:String = getBase64Digest(nonce,\r
+ created,\r
+ password);\r
+ \r
+ var token:String = new String("UsernameToken Username=\"");\r
+ token += username + "\", " +\r
+ "PasswordDigest=\"" + password64 + "\", " +\r
+ "Nonce=\"" + nonce + "\", " +\r
+ "Created=\"" + created + "\"";\r
+ return token;\r
+ }\r
+ \r
+ private static function generateNonce():String\r
+ {\r
+ // Math.random returns a Number between 0 and 1. We don't want our\r
+ // nonce to contain invalid characters (e.g. the period) so we\r
+ // strip them out before returning the result.\r
+ var s:String = Math.random().toString();\r
+ return s.replace(".", "");\r
+ }\r
+ \r
+ internal static function base64Encode(s:String):String\r
+ {\r
+ var encoder:Base64Encoder = new Base64Encoder();\r
+ encoder.encode(s);\r
+ return encoder.flush();\r
+ }\r
+ \r
+ internal static function generateTimestamp(timestamp:Date):String\r
+ {\r
+ if (timestamp == null)\r
+ {\r
+ timestamp = new Date();\r
+ }\r
+ var dateFormatter:DateFormatter = new DateFormatter();\r
+ dateFormatter.formatString = "YYYY-MM-DDTJJ:NN:SS"\r
+ return dateFormatter.format(timestamp) + "Z";\r
+ }\r
+ \r
+ internal static function getBase64Digest(nonce:String, created:String, password:String):String\r
+ {\r
+ return SHA1.hashToBase64(nonce + created + password);\r
+ }\r
+ }\r
+}
\ No newline at end of file