Wrong password digest #22
Comments
What? The XML tags are all gone? However, I thought you can still get info from it.
Usually the last standard for the digest is composed of nonce + date + password, encoded with sha1 + base64; maybe your server is encoding with md5?
Thanks for your reply. SHA1 should output a 20-byte array, and this should be base64-encoded directly, so we'll get a string whose length is about 28 characters. Your digest is: NDY3ZDM0ZTU2NDAzNjc4Njg4YmJlODRmY2E1MWUzYTk3ZDQxYzM2Zg==, this is a little longer than we expected. I decoded your digest and I got "467d34e56403678688bbe84fca51e3a97d41c36f", seems you converted the SHA1 output to a hex string before base64. Plus, even converting "467d34e56403678688bbe84fca51e3a97d41c36f" to a byte array, it seems it's not the right one. My server is based on the Apache CXF framework, I think it will not fail me on this point. Thanks.
It is true, it is converted to hexadecimal, this is a mistake. Now I'll send an email to you with this fix, and after you confirm for me that it is correct, I will update GitHub and, of course, you will have one free license for your excellent cooperation and for your patience.
Please, download and try this, look a your feedback. SOAPEngine
Hi priore, Thanks for your work. I have tested the lib you sent to me, and noticed that the digest still Here is my obj-c code to generate the digest:

+(NSString*)GenaratePasswordDigest:(NSData*)nonceBytes
{
    NSData* bc = [created dataUsingEncoding:NSUTF8StringEncoding];
    NSData* bp = [password dataUsingEncoding:NSUTF8StringEncoding];
    // Concatenate the raw nonce bytes + created + password
    NSMutableData* buff = [[NSMutableData alloc] init];
    [buff appendData:nonceBytes];
    [buff appendData:bc];
    [buff appendData:bp];
    uint8_t digest[CC_SHA1_DIGEST_LENGTH];
    CC_SHA1(buff.bytes, (CC_LONG)buff.length, digest);
    // Base64 the raw 20-byte SHA1 output, not a hex string
    NSData* ds = [NSData dataWithBytes:digest length:CC_SHA1_DIGEST_LENGTH];
    return [ds base64Encoding];
}

The [NSData base64Encoding] is a category, I'm sure you already have a Cheers. 2015-01-17 20:19 GMT+08:00 Danilo Priore notifications@github.com:
Sorry, I found a double coding (mistakenly!). The code that is used is written like this:

CFUUIDRef theUUID = CFUUIDCreate(NULL);
CFStringRef uuidRef = CFUUIDCreateString(NULL, theUUID);
NSString *nonce = [(__bridge NSString*)uuidRef stringByReplacingOccurrencesOfString:@"-" withString:@""];
CFRelease(uuidRef);
CFRelease(theUUID);
// digest password
NSString *s_digest = [NSString stringWithFormat:@"%@%@%@", nonce, created, password];
NSData *data = [s_digest dataUsingEncoding:NSUTF8StringEncoding];
uint8_t b_digest[CC_SHA1_DIGEST_LENGTH];
CC_SHA1(data.bytes, (CC_LONG)data.length, b_digest);
NSData *digest = [[NSData alloc] initWithBytes:b_digest length:CC_SHA1_DIGEST_LENGTH];
NSString *digestbase64 = [SOAPBase64 base64EncodingWithData:digest];

Sorry for these tests that you have to do, but at this time I no longer have a server with ws-security for testing it. Anyway, you will be receiving a gift for your trouble; please send me an email to support (at) prioregroup.com for this special gift. Many thanks.
Hi priore, Here's your output, I extracted this from my server's log: <wsse:UsernameToken xmlns:wsu=" Yes, the digest's length seems ok, but this request is still not valid. Turns out your nonce is the original uuid string (replaced "-" with " ") Cheers. 2015-01-18 20:47 GMT+08:00 Danilo Priore notifications@github.com:
Hi, v.1.11.1 - base64(sha1-hex(base64(nonce)+date+password)) is wrong. nonce = uuid, perhaps using uuid is wrong?
Hi, Sorry, maybe I'm not making myself clear. digest = base64(sha1(nonce+date+password)), this is no question. However, you should put base64(nonce) in the xml nonce node, not nonce Cheers. 2015-01-19 18:08 GMT+08:00 Danilo Priore notifications@github.com:
Hi, here is my xml: <wsse:Nonce EncodingType=" you can decode nonce, and it should be see, I also use uuid as nonce, but you should put base64(nonce) here. Cheers. 2015-01-19 18:12 GMT+08:00 曹春 coinicon@gmail.com:
Yes, I understand, it is true, thanks ;)
Good news, the digest and nonce are all correct and passed the CXF check. Congratulations! But now I'm facing a namespace issue, and trying to figure out why. Here is an xml snippet from the request which works, I ignored the ws-security <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" Following is the request which was created by soapengine and does not work: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" Could you please point out what's the difference between those two? Thanks! 2015-01-19 18:24 GMT+08:00 Danilo Priore notifications@github.com:
Try with this: soap.envelope = @"xmlns:ws=\"http://ws.qs.ihealthtrack.com/\""; and in the requestURL method use @"ws:GetProfile" for the soapAction param.
Hi, I'm using soap1.2 and got an error. The content-type from your http header is like this: I think you put a comma (instead of a semicolon) after "utf-8" by 2015-01-19 20:01 GMT+08:00 Danilo Priore notifications@github.com:
Fixed 789c3c7
Seems the comma issue is not fixed yet. Correct format should be:
Sorry, maybe you're using an older version; in the new version 789c3c7 the content type is text/xml; charset=utf-8; action="http://www.prioregroup.com/GetVerses"
Hi @priore ,
I'm using ws-security password digest, and I found the digest may be wrong.
SOAPEngine generated following xml:
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">NDY3ZDM0ZTU2NDAzNjc4Njg4YmJlODRmY2E1MWUzYTk3ZDQxYzM2Zg==</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MEQ0RDJDQkIzMjM4NEMxODg1QkUwMDU5NDZEMTZERUM=</wsse:Nonce>
<wsu:Created>2015-01-15T03:33:24Z</wsu:Created>
the digest was: NDY3ZDM0ZTU2NDAzNjc4Njg4YmJlODRmY2E1MWUzYTk3ZDQxYzM2Zg==
But my server (CXF) calculated out digest was: WvY1DPYdw/xcQKvULVEvREXx2wg=
They are different.
I also confirmed this issue by soapui.
So, could you please check this out?
Thanks!
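
The digest rule the thread settles on, Base64(SHA-1(nonce + created + password)) with Base64 of the same nonce bytes in the Nonce element, written out as an added Python example; it is not code from SOAPEngine or from any participant. The digests, nonce and timestamp are the ones quoted in this report, while `SAMPLE_PASSWORD` and all function names are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac

# Values quoted in this issue report.
CREATED = "2015-01-15T03:33:24Z"
NONCE_B64 = "MEQ0RDJDQkIzMjM4NEMxODg1QkUwMDU5NDZEMTZERUM="
CLIENT_DIGEST = "NDY3ZDM0ZTU2NDAzNjc4Njg4YmJlODRmY2E1MWUzYTk3ZDQxYzM2Zg=="
SERVER_DIGEST = "WvY1DPYdw/xcQKvULVEvREXx2wg="
SAMPLE_PASSWORD = "example-password"  # constructed; the real password is not on the page


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Base64(SHA-1(nonce + created + password)), hashing the raw nonce bytes."""
    raw = hashlib.sha1(nonce + created.encode("utf-8") + password.encode("utf-8")).digest()
    return base64.b64encode(raw).decode("ascii")


def hex_then_base64_digest(nonce: bytes, created: str, password: str) -> str:
    """The faulty variant from the thread: SHA-1 rendered as hex text, then Base64."""
    hexed = hashlib.sha1(nonce + created.encode("utf-8") + password.encode("utf-8")).hexdigest()
    return base64.b64encode(hexed.encode("ascii")).decode("ascii")


def classify_digest(digest_b64: str) -> str:
    """Tell a raw SHA-1 digest from a hex-encoded one by its decoded form."""
    decoded = base64.b64decode(digest_b64, validate=True)
    if len(decoded) == hashlib.sha1().digest_size:  # 20 bytes -> 28 Base64 characters
        return "raw-sha1"
    if len(decoded) == 40 and all(b in b"0123456789abcdefABCDEF" for b in decoded):
        return "hex-sha1"  # 40 hex characters -> 56 Base64 characters
    return "unknown"


def verify_token(nonce_b64: str, created: str, digest_b64: str, password: str) -> bool:
    """Receiver side: Base64-decode the Nonce element, recompute, compare in constant time."""
    nonce = base64.b64decode(nonce_b64, validate=True)
    expected = password_digest(nonce, created, password)
    return hmac.compare_digest(expected.encode("ascii"), digest_b64.encode("ascii"))


if __name__ == "__main__":
    print(classify_digest(CLIENT_DIGEST), classify_digest(SERVER_DIGEST))
    nonce = base64.b64decode(NONCE_B64)
    good = password_digest(nonce, CREATED, SAMPLE_PASSWORD)
    print(verify_token(NONCE_B64, CREATED, good, SAMPLE_PASSWORD))
```

Passing the un-encoded nonce text to `verify_token` in place of `NONCE_B64` makes the check fail, which is the second mismatch discussed in the thread.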