+++ /dev/null
-/*\r
- Copyright (c) 2008, Adobe Systems Incorporated\r
- All rights reserved.\r
-\r
- Redistribution and use in source and binary forms, with or without \r
- modification, are permitted provided that the following conditions are\r
- met:\r
-\r
- * Redistributions of source code must retain the above copyright notice, \r
- this list of conditions and the following disclaimer.\r
- \r
- * Redistributions in binary form must reproduce the above copyright\r
- notice, this list of conditions and the following disclaimer in the \r
- documentation and/or other materials provided with the distribution.\r
- \r
- * Neither the name of Adobe Systems Incorporated nor the names of its \r
- contributors may be used to endorse or promote products derived from \r
- this software without specific prior written permission.\r
-\r
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS\r
- IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\r
- THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\r
- PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR \r
- CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,\r
- EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,\r
- PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR\r
- PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF\r
- LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING\r
- NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\r
- SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\r
-*/\r
-\r
-package com.adobe.crypto\r
-{\r
- import mx.formatters.DateFormatter;\r
- import mx.utils.Base64Encoder;\r
- \r
- /**\r
- * Web Services Security Username Token\r
- *\r
- * Implementation based on algorithm description at \r
- * http://www.oasis-open.org/committees/wss/documents/WSS-Username-02-0223-merged.pdf\r
- */\r
- public class WSSEUsernameToken\r
- {\r
- /**\r
- * Generates a WSSE Username Token.\r
- *\r
- * @param username The username\r
- * @param password The password\r
- * @param nonce A cryptographically random nonce (if null, the nonce\r
- * will be generated)\r
- * @param timestamp The time at which the token is generated (if null,\r
- * the time will be set to the moment of execution)\r
- * @return The generated token\r
- * @langversion ActionScript 3.0\r
- * @playerversion Flash 9.0\r
- * @tiptext\r
- */\r
- public static function getUsernameToken(username:String, password:String, nonce:String=null, timestamp:Date=null):String\r
- {\r
- if (nonce == null)\r
- {\r
- nonce = generateNonce();\r
- }\r
- nonce = base64Encode(nonce);\r
- \r
- var created:String = generateTimestamp(timestamp);\r
- \r
- var password64:String = getBase64Digest(nonce,\r
- created,\r
- password);\r
- \r
- var token:String = new String("UsernameToken Username=\"");\r
- token += username + "\", " +\r
- "PasswordDigest=\"" + password64 + "\", " +\r
- "Nonce=\"" + nonce + "\", " +\r
- "Created=\"" + created + "\"";\r
- return token;\r
- }\r
- \r
- private static function generateNonce():String\r
- {\r
- // Math.random returns a Number between 0 and 1. We don't want our\r
- // nonce to contain invalid characters (e.g. the period) so we\r
- // strip them out before returning the result.\r
- var s:String = Math.random().toString();\r
- return s.replace(".", "");\r
- }\r
- \r
- internal static function base64Encode(s:String):String\r
- {\r
- var encoder:Base64Encoder = new Base64Encoder();\r
- encoder.encode(s);\r
- return encoder.flush();\r
- }\r
- \r
- internal static function generateTimestamp(timestamp:Date):String\r
- {\r
- if (timestamp == null)\r
- {\r
- timestamp = new Date();\r
- }\r
- var dateFormatter:DateFormatter = new DateFormatter();\r
- dateFormatter.formatString = "YYYY-MM-DDTJJ:NN:SS"\r
- return dateFormatter.format(timestamp) + "Z";\r
- }\r
- \r
- internal static function getBase64Digest(nonce:String, created:String, password:String):String\r
- {\r
- return SHA1.hashToBase64(nonce + created + password);\r
- }\r
- }\r
-}
\ No newline at end of file