From da1493b95a2f0b5000a487ae373c9318c58d0b2d Mon Sep 17 00:00:00 2001 From: Cash Costello Date: Sun, 24 Oct 2010 21:08:27 +0000 Subject: partial implementation of flash uploader --- .../com/adobe/crypto/WSSEUsernameToken.as | 114 +++++++++++++++++++++ 1 file changed, 114 insertions(+) create mode 100644 vendors/uploadify/com/adobe/crypto/WSSEUsernameToken.as (limited to 'vendors/uploadify/com/adobe/crypto/WSSEUsernameToken.as') diff --git a/vendors/uploadify/com/adobe/crypto/WSSEUsernameToken.as b/vendors/uploadify/com/adobe/crypto/WSSEUsernameToken.as new file mode 100644 index 000000000..92bbba6dc --- /dev/null +++ b/vendors/uploadify/com/adobe/crypto/WSSEUsernameToken.as @@ -0,0 +1,114 @@ +/* + Copyright (c) 2008, Adobe Systems Incorporated + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + * Neither the name of Adobe Systems Incorporated nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, + THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +package com.adobe.crypto +{ + import mx.formatters.DateFormatter; + import mx.utils.Base64Encoder; + + /** + * Web Services Security Username Token + * + * Implementation based on algorithm description at + * http://www.oasis-open.org/committees/wss/documents/WSS-Username-02-0223-merged.pdf + */ + public class WSSEUsernameToken + { + /** + * Generates a WSSE Username Token. + * + * @param username The username + * @param password The password + * @param nonce A cryptographically random nonce (if null, the nonce + * will be generated) + * @param timestamp The time at which the token is generated (if null, + * the time will be set to the moment of execution) + * @return The generated token + * @langversion ActionScript 3.0 + * @playerversion Flash 9.0 + * @tiptext + */ + public static function getUsernameToken(username:String, password:String, nonce:String=null, timestamp:Date=null):String + { + if (nonce == null) + { + nonce = generateNonce(); + } + nonce = base64Encode(nonce); + + var created:String = generateTimestamp(timestamp); + + var password64:String = getBase64Digest(nonce, + created, + password); + + var token:String = new String("UsernameToken Username=\""); + token += username + "\", " + + "PasswordDigest=\"" + password64 + "\", " + + "Nonce=\"" + nonce + "\", " + + "Created=\"" + created + "\""; + return token; + } + + private static function generateNonce():String + { + // Math.random returns a Number between 0 and 1. We don't want our + // nonce to contain invalid characters (e.g. the period) so we + // strip them out before returning the result. + var s:String = Math.random().toString(); + return s.replace(".", ""); + } + + internal static function base64Encode(s:String):String + { + var encoder:Base64Encoder = new Base64Encoder(); + encoder.encode(s); + return encoder.flush(); + } + + internal static function generateTimestamp(timestamp:Date):String + { + if (timestamp == null) + { + timestamp = new Date(); + } + var dateFormatter:DateFormatter = new DateFormatter(); + dateFormatter.formatString = "YYYY-MM-DDTJJ:NN:SS" + return dateFormatter.format(timestamp) + "Z"; + } + + internal static function getBase64Digest(nonce:String, created:String, password:String):String + { + return SHA1.hashToBase64(nonce + created + password); + } + } +} \ No newline at end of file -- cgit v1.2.3