Last active
November 1, 2018 15:55
-
-
Save dnetix/b616e8a39190abc3e0e54227768e90a3 to your computer and use it in GitHub Desktop.
A quick script to create the authentication WSS on Java
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import java.math.BigInteger; | |
| import java.security.SecureRandom; | |
| import java.text.SimpleDateFormat; | |
| import java.util.Base64; | |
| import java.io.UnsupportedEncodingException; | |
| import java.security.MessageDigest; | |
| import java.security.NoSuchAlgorithmException; | |
| import java.util.Date; | |
| import java.util.Locale; | |
| class WSAuthentication { | |
| /** | |
| * Example of use, in your code you can ignore this function | |
| * @param args | |
| * @throws NoSuchAlgorithmException | |
| */ | |
| public static void main(String[] args) throws NoSuchAlgorithmException { | |
| String login = "usuarioprueba"; | |
| String tranKey = "ABCD1234"; | |
| WSAuthentication auth = new WSAuthentication(login, tranKey); | |
| // Example of the values to use. YOU NEED TO CHANGE FOR YOUR OWN LOGIN AND TRANKEY | |
| System.out.println("Login: " + auth.getLogin()); | |
| System.out.println("TranKey: " + auth.getTranKey()); | |
| System.out.println("Seed: " + auth.getSeed()); | |
| System.out.println("Nonce: " + auth.getNonce()); | |
| // This is just a quick test, IGNORE IT | |
| String nonce = "12345678"; | |
| String seed = "2018-01-29T17:02:49-05:00"; | |
| auth.setNonce(nonce).setSeed(seed); | |
| if (auth.getTranKey().equals("dsRL5wIymrySr9TgsYtxWZEIb5/RtW1v3n3xLqQZKj4=") && auth.getNonce().equals("MTIzNDU2Nzg=")) { | |
| System.out.println("--- Quick DIGEST test passed ---"); | |
| } else{ | |
| System.out.println("--- Quick DIGEST test FAILING ---"); | |
| } | |
| if (auth.getBasicTranKey().equals("e7257c88887833c638aacf137fe92e729fa93fbf583ddd263f1ac67deaf993e3")) { | |
| System.out.println("--- Quick BASIC test passed ---"); | |
| } else { | |
| System.out.println("--- Quick BASIC test FAILING: " + auth.getBasicTranKey() + " ---"); | |
| } | |
| } | |
| protected String login; | |
| protected String tranKey; | |
| protected String seed; | |
| protected String nonce; | |
| public WSAuthentication(String login, String tranKey) { | |
| this.login = login; | |
| this.tranKey = tranKey; | |
| this.generate(); | |
| } | |
| /** | |
| * Invoque this function each time that you use this class to generate a WS call | |
| * this will save the need to construct a new class every time | |
| * @return | |
| */ | |
| public WSAuthentication generate() { | |
| this.nonce = new BigInteger(130, new SecureRandom()).toString(); | |
| this.seed = (new SimpleDateFormat("yyyy-MM-dd'T'HH:mmZ", Locale.getDefault())).format(new Date()); | |
| return this; | |
| } | |
| /** | |
| * Returns the login to use on the authentication structure | |
| * @return String | |
| */ | |
| public String getLogin() { | |
| return this.login; | |
| } | |
| /** | |
| * Constructs the password digest String to use on the authentication structure | |
| * @return String | |
| */ | |
| public String getTranKey() { | |
| try { | |
| return base64(sha256(nonce + seed + tranKey)); | |
| } catch (NoSuchAlgorithmException e) { | |
| return null; | |
| } | |
| } | |
| /** | |
| * Constructs the password hash for simple authentication services like AIM or PSE | |
| * @return String | |
| */ | |
| public String getBasicTranKey() { | |
| try { | |
| return sha256String(seed + tranKey); | |
| } catch (NoSuchAlgorithmException e) { | |
| return null; | |
| } | |
| } | |
| /** | |
| * Returns the seed on which the password digest has been calculated | |
| * @return | |
| */ | |
| public String getSeed() { | |
| return this.seed; | |
| } | |
| /** | |
| * Returns the Base64 encoded nonce used to generate the password digest | |
| * @return | |
| */ | |
| public String getNonce() { | |
| return base64(nonce.getBytes()); | |
| } | |
| /** | |
| * FOR TESTING PURPOSES, there is no need to set this one, actually is a security risk | |
| * created to test the password digest algorithm | |
| * @param seed | |
| * @return | |
| */ | |
| public WSAuthentication setSeed(String seed) { | |
| this.seed = seed; | |
| return this; | |
| } | |
| /** | |
| * FOR TESTING PURPOSES, there is no need to set this one, actually is a security risk | |
| * created to test the password digest algorithm | |
| * @param nonce | |
| * @return | |
| */ | |
| public WSAuthentication setNonce(String nonce) { | |
| this.nonce = nonce; | |
| return this; | |
| } | |
| static byte[] sha256(String input) throws NoSuchAlgorithmException { | |
| MessageDigest mDigest = MessageDigest.getInstance("SHA-256"); | |
| return mDigest.digest(input.getBytes()); | |
| } | |
| static String sha256String(String input) throws NoSuchAlgorithmException { | |
| MessageDigest mDigest = MessageDigest.getInstance("SHA-256"); | |
| byte[] result = mDigest.digest(input.getBytes()); | |
| StringBuffer sb = new StringBuffer(); | |
| for (int i = 0; i < result.length; i++) { | |
| sb.append(Integer.toString((result[i] & 0xff) + 0x100, 16).substring(1)); | |
| } | |
| return sb.toString(); | |
| } | |
| static String base64(byte[] input) { | |
| byte[] encodedBytes = (Base64.getEncoder()).encode(input); | |
| return new String(encodedBytes); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment