Hi,


Gregg Pollack wrote:
> Hello there.
> 
>    I've got a numbers puzzle for someone out there.
> 
>    I'm currently trying to implement X-WSSE authentication, which 
> basically means you follow these steps to create a PasswordDigest:
> 
> 1. Create a random Nonce (or string)
> 2. Create the token by doing Base64(sha(nonce + timestamp + password))
> 
> Use this string to authenticate.  Basically.  Now here's my problem.
> 
> I have an example to work from:
> 
> Nonce = 
> MjAwNi0wMi0yM1QxODo1NjozMVogNDdjYzM5NTVlZmY1NzljZGIwMzVkNTljZjI4ZWU3NzE3Y2Y4NmM5Zg==
> Timestamp = 2006-02-23T18:56:31Z
> password = test
> 
> I know the result is supposed to be:
> 267V1V5JW5xqct0bOAoFEaSDL7Y=  (since this works)
> 
> But when I use ruby for this:
> 
> nonce = 
> "MjAwNi0wMi0yM1QxODo1NjozMVogNDdjYzM5NTVlZmY1NzljZGIwMzVkNTljZjI4ZWU3NzE3Y2Y4NmM5Zg=="
> time = "2006-02-23T18:56:31Z"
> password = "test"
> puts Base64.encode64(Digest::SHA1.hexdigest(nonce + time + 
> password)).strip
> 
> I get:
> MzI2OTQ4YzY4OWQ3MGMxYzMzYTEwZWI2Yzg5MzZiYzMzZGE2ZTJhMg==
> 
> 

You have to use the base64-decoded nonce, as stated in the specs at
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf
I've implemented Username-Authentication according to the web service 
security specifications and also signing and encryption in the WSS4R lib 
at www.rubyforge.org/projects/wss4r. Probably that is what you need?


require "digest/sha1"
require "base64"

nonce = 
"MjAwNi0wMi0yM1QxODo1NjozMVogNDdjYzM5NTVlZmY1NzljZGIwMzVkNTljZjI4ZWU3NzE3Y2Y4NmM5Zg=="
time = "2006-02-23T18:56:31Z"
password = "test"

# Hash the raw nonce bytes (Base64-decoded), followed by timestamp and password.
stamp = Base64.decode64(nonce) + time + password
digester = Digest::SHA1.new
digester.update(stamp)
# Use the binary digest (not hexdigest) and strip only the Base64 output,
# never the raw digest bytes.
puts("Digest: " + Base64.encode64(digester.digest).strip)


Regards,

Roland
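
The receiving side of the digest discussed in this thread, as an added example that is not part of the original messages or of WSS4R: it decodes the nonce before hashing, compares in constant time, and goes one step beyond the thread by rejecting stale timestamps and reused nonces. The module name, the 300-second window and the caller-supplied nonce store are assumptions; Base64 is done with pack("m0") and unpack1("m") so only the standard digest and time libraries are required.

```ruby
require "digest/sha1"
require "time"

# Added example; WsseDigest, verify and MAX_SKEW are hypothetical names.
module WsseDigest
  MAX_SKEW = 300 # seconds of clock skew tolerated (assumed policy value)

  # Sample values quoted in the thread above.
  NONCE   = "MjAwNi0wMi0yM1QxODo1NjozMVogNDdjYzM5NTVlZmY1NzljZGIwMzVkNTljZjI4ZWU3NzE3Y2Y4NmM5Zg=="
  CREATED = "2006-02-23T18:56:31Z"

  # PasswordDigest = Base64(SHA-1(raw nonce bytes + Created + password)).
  def self.compute(nonce_b64, created, password)
    raw_nonce = nonce_b64.unpack1("m") # decode first, as the reply says
    # .b forces binary strings so a non-ASCII password cannot raise
    # Encoding::CompatibilityError when joined with the raw nonce bytes.
    [Digest::SHA1.digest(raw_nonce + created.b + password.b)].pack("m0")
  end

  # Constant-time comparison so timing does not leak matching prefixes.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # token: { nonce:, created:, digest: } as received from the client.
  # seen_nonces: store of accepted nonces (Array or Set), kept by the caller.
  def self.verify(token, password, seen_nonces, now: Time.now)
    begin
      created = Time.iso8601(token[:created])
    rescue ArgumentError
      return :bad_timestamp
    end
    return :stale    if (now - created).abs > MAX_SKEW
    return :replayed if seen_nonces.include?(token[:nonce])

    expected = compute(token[:nonce], token[:created], password)
    return :bad_digest unless secure_equal?(expected, token[:digest])

    seen_nonces << token[:nonce] # remember only nonces that authenticated
    :ok
  end
end
```
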