Implementing WS-Security in Progress ABL

Time: 2014-09-30 13:38:48

Tags: soap ws-security progress-4gl openedge

I'm trying to implement WS-Security in Progress ABL.

It seems to be possible; this knowledge base article: http://knowledgebase.progress.com/articles/Article/P88147 states:

  • For outgoing WS-Security, use the OpenEdge Web Services client to manually create the SOAP header containing the WS-Security content.

To begin with, I'm struggling to create the Base64-encoded, SHA-1-digested password hash.

Password digest according to the WS-Security specification. Source.

Password_Digest = Base64 ( SHA-1 ( nonce + created + password ) ) 

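Nonce is a random string of a certain length; basically it can be a UUID. The nonce is Base64-encoded (it is sent encoded in the SOAP header).

Created is a date in the format "YYYY-MM-DDTHH:MM:SS.SSSZ". The milliseconds are optional. The Z should always be set and stands for GMT.

Password is the password provided by the web service provider.

Trying to imitate this answer on SO: Working algorithm for PasswordDigest in WS-Security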

PROCEDURE generatePassHash:
    DEFINE INPUT  PARAMETER pcNonce    AS CHARACTER   NO-UNDO.
    DEFINE INPUT  PARAMETER pcCreated  AS CHARACTER   NO-UNDO.
    DEFINE INPUT  PARAMETER pcPassword AS CHARACTER   NO-UNDO.

    DEFINE OUTPUT PARAMETER pcHash     AS CHARACTER   NO-UNDO.

    DEFINE VARIABLE mBytes        AS MEMPTR      NO-UNDO.
    DEFINE VARIABLE cNonceDecoded AS CHARACTER   NO-UNDO.

    /* Base64-decode the nonce since it's in encoded format */
    ASSIGN 
        cNonceDecoded = STRING(BASE64-DECODE(pcNonce)).

    /* Set size of mempointer */
    SET-SIZE(mBytes) = LENGTH(cNonceDecoded) + LENGTH(pcCreated) + LENGTH(pcPassword) + 1.

    /* Put the decoded nonce first */
    PUT-STRING(mBytes, 1) = cNonceDecoded.

    /* Add create time */
    PUT-STRING(mBytes, 1 + LENGTH(cNonceDecoded)) = pcCreated.

    /* Add password */
    PUT-STRING(mBytes, 1 + LENGTH(cNonceDecoded) + LENGTH(pcCreated)) = pcPassword.

    /* Create out-data */
    pcHash = STRING(BASE64-ENCODE(SHA1-DIGEST(mBytes))).

    /* Clean up mempointer */
    SET-SIZE(mBytes) = 0.


END PROCEDURE.

DEFINE VARIABLE cNonce       AS CHARACTER   NO-UNDO.
DEFINE VARIABLE cTimeStamp   AS CHARACTER   NO-UNDO.
DEFINE VARIABLE cClearPass   AS CHARACTER   NO-UNDO.
DEFINE VARIABLE cHash        AS CHARACTER   NO-UNDO. /* receives the OUTPUT parameter below */
DEFINE VARIABLE cRightAnswer AS CHARACTER   NO-UNDO.

ASSIGN
    cNonce       = "UIYifr1SPoNlrmmKGSVOug=="
    cTimeStamp   = "2009-12-03T16:14:49Z"
    cClearPass   = "test8"
    cRightAnswer = "yf2yatQzoaNaC8BflCMatVch/B8=".

RUN generatePassHash(cNonce, cTimeStamp, cClearPass, OUTPUT cHash).

MESSAGE "Is:" SKIP cHash SKIP(2)
    "Should be:" SKIP
    cRightAnswer
    VIEW-AS ALERT-BOX INFORMATION TITLE "OK?".

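I'm guessing this might have something to do with me messing up the mempointer handling, or with the fact that everything should be UTF-8?

NB

I can easily generate the same incorrect hash as mentioned in the question referenced above using this simple code:

MESSAGE STRING(BASE64-ENCODE(SHA1-DIGEST("UIYifr1SPoNlrmmKGSVOug==" + "2009-12-03T16:14:49Z" + "test8"))) VIEW-AS ALERT-BOX.

1 answer:

Answer 0: (score: 1)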

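Without a length specified, PUT-STRING puts a NULL-terminated string into your MEMPTR, which is why you needed to set the size with a + 1. That is the wrong solution to the error 'Can't PUT past the end of a MEMPTR. (4791)'.

Remove the +1 from SET-SIZE and change the password line to:

PUT-STRING(mBytes, 1 + LENGTH(cNonceDecoded) + LENGTH(pcCreated), LENGTH(pcPassword)) = pcPassword.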
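
Added example (Python, not part of the original question or answer): a reference implementation of the Password_Digest formula for cross-checking the output of an ABL procedure, using the test values quoted in the question. It also reproduces the two byte-layout mistakes discussed on this page (a trailing NUL in the hashed buffer, and hashing the Base64 text of the nonce); all function names are illustrative.

```python
import base64
import hashlib

# Test values quoted in the question on this page.
NONCE_B64 = "UIYifr1SPoNlrmmKGSVOug=="
CREATED = "2009-12-03T16:14:49Z"
PASSWORD = "test8"
EXPECTED = "yf2yatQzoaNaC8BflCMatVch/B8="


def _b64_sha1(data: bytes) -> str:
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def _parts(nonce_b64: str, created: str, password: str) -> bytes:
    # Decode the nonce to raw bytes; encode the text fields as UTF-8.
    nonce = base64.b64decode(nonce_b64, validate=True)
    return nonce + created.encode("utf-8") + password.encode("utf-8")


def password_digest(nonce_b64: str, created: str, password: str) -> str:
    """Base64(SHA-1(nonce || created || password)) over exactly those bytes."""
    return _b64_sha1(_parts(nonce_b64, created, password))


def digest_with_trailing_nul(nonce_b64: str, created: str, password: str) -> str:
    """Models the question's buffer: sized +1, so a final NUL byte is hashed too."""
    return _b64_sha1(_parts(nonce_b64, created, password) + b"\x00")


def digest_with_undecoded_nonce(nonce_b64: str, created: str, password: str) -> str:
    """Models the one-line MESSAGE snippet: the nonce's Base64 text is hashed."""
    return _b64_sha1((nonce_b64 + created + password).encode("utf-8"))


def diagnose(candidate: str, nonce_b64: str, created: str, password: str) -> str:
    """Classify a digest produced by another implementation."""
    variants = {
        "ok": password_digest,
        "trailing NUL byte hashed": digest_with_trailing_nul,
        "nonce not Base64-decoded": digest_with_undecoded_nonce,
    }
    for label, fn in variants.items():
        if candidate == fn(nonce_b64, created, password):
            return label
    return "unknown mismatch"


if __name__ == "__main__":
    for fn in (password_digest, digest_with_trailing_nul, digest_with_undecoded_nonce):
        out = fn(NONCE_B64, CREATED, PASSWORD)
        print(f"{fn.__name__:28} {out}  {diagnose(out, NONCE_B64, CREATED, PASSWORD)}")
```

Passing the string shown in the ABL alert box to `diagnose` tells you which of the two layouts, if either, the procedure actually hashed.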