小贝子编程

正在实施WS-Security ABL



我正在努力实现WS-Security in Progress ABL。

这似乎是可能的,这个知识库:http://knowledgebase.progress.com/articles/Article/P88147状态:

  • 对于传出的WS-Security,请使用OpenEdge Web服务客户端手动创建包含WS-Security内容的SOAP标头

首先,我正在努力创建一个base64编码和SHA1消化的密码哈希。

根据WS-Security规范的密码摘要。来源

Password_Digest = Base64 ( SHA-1 ( nonce + created + password ) )

Nonce是一个特定长度的随机字符串,基本上可以是UUID。nonce是Base64编码的(发送时在soap标头中进行编码)。

Created是一个格式为"YYYY-MM-DDTHH:MM:SS.SSZ"的日期。毫秒是可选的。应始终设置GMT的Z。

密码是web服务提供商提供的密码。

试图在SO上模仿这个答案:WS-Security 中PasswordDigest的工作算法

PROCEDURE generatePassHash:
    DEFINE INPUT  PARAMETER pcNonce    AS CHARACTER   NO-UNDO.
    DEFINE INPUT  PARAMETER pcCreated  AS CHARACTER   NO-UNDO.
    DEFINE INPUT  PARAMETER pcPassword AS CHARACTER   NO-UNDO.
    DEFINE OUTPUT PARAMETER pcHash     AS CHARACTER   NO-UNDO.
    DEFINE VARIABLE mBytes        AS MEMPTR      NO-UNDO.
    DEFINE VARIABLE cNonceDecoded AS CHARACTER   NO-UNDO.
    /* Base64-decode the nonce since it's in encoded format */
    ASSIGN 
        cNonceDecoded = STRING(BASE64-DECODE(pcNonce)).
    /* Set size of mempointer */
    SET-SIZE(mBytes) = LENGTH(cNonceDecoded) + LENGTH(pcCreated) + LENGTH(pcPassword) + 1.
    /* Put the decoded nonce first */
    PUT-STRING(mBytes, 1) = cNonceDecoded.
    /* Add create time */
    PUT-STRING(mBytes, 1 + LENGTH(cNonceDecoded)) = pcCreated.
    /* Add password */
    PUT-STRING(mBytes, 1 + LENGTH(cNonceDecoded) + LENGTH(pcCreated)) = pcPassword.
    /* Create out-data */
    pcHash = STRING(BASE64-ENCODE(SHA1-DIGEST(mBytes))).
    /* Clean up mempointer */
    SET-SIZE(mBytes) = 0.

END PROCEDURE.
DEFINE VARIABLE cNonce       AS CHARACTER   NO-UNDO.
DEFINE VARIABLE cTimeStamp   AS CHARACTER   NO-UNDO.
DEFINE VARIABLE cClearPass   AS CHARACTER   NO-UNDO.
DEFINE VARIABLE cRightAnswer AS CHARACTER   NO-UNDO.
ASSIGN
    cNonce       = "UIYifr1SPoNlrmmKGSVOug=="
    cTimeStamp   = "2009-12-03T16:14:49Z"
    cClearPass   = "test8"
    cRightAnswer = "yf2yatQzoaNaC8BflCMatVch/B8=".
RUN generatePassHash(cNonce, cTimeStamp, cClearPass, OUTPUT cHash).
MESSAGE "Is:" SKIP cHash SKIP(2)
    "Should be:" SKIP
    cRightAnswer
    VIEW-AS ALERT-BOX INFORMATION TITLE "OK?".

我猜这可能是因为我把mempointer处理搞砸了,或者是因为所有东西都应该是UTF-8?

NB

我可以用这个简单的代码很容易地产生与上面提到的问题相同的错误哈希:

MESSAGE STRING(BASE64-ENCODE(SHA1-DIGEST("UIYifr1SPoNlrmmKGSVOug==" + "2009-12-03T16:14:49Z" + "test8"))) VIEW-AS ALERT-BOX

PUT-STRING将在未指定长度的情况下,将一个以NULL结尾的字符串放入MEMPTR中-这就是为什么您需要将长度设置为+1-这是"无法将其置于MEMPTR末尾"的错误解决方案。(4791)'

从SET-SIZE中删除+1并将密码更改为:

PUT-STRING(mBytes,1+LENGTH(cNonceDecoded)+LENGTH。

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium