Password Digest


Secured SOAP web service requests can be authenticated using the password digest mechanism.

A secured WSDL can also be tested with SoapUI by passing the password digest string in the WSS header field.


Also, with the Axis2 web services framework, we can authenticate HTTPS requests by sending the password digest in the WSS request header and get the required response.

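Sample Java 8 code to generate the password digest (the nonce and created timestamp that go into the digest must be sent in the same header, otherwise the server cannot recompute and verify it):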


package blogspot.evaluatethecode;

import org.apache.commons.lang3.RandomStringUtils;

import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.ZoneId;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.util.Arrays;
import java.util.Base64;

public class PasswordDigest {

    public String getPasswordDigest(char [] password) throws Exception {

        String nonce = Base64.getEncoder().encodeToString(
                RandomStringUtils.randomAlphanumeric(16).getBytes());

        DateTimeFormatter dateTimeFormatter = DateTimeFormatter.
                ofPattern("yyyy-MM-dd'T'HH:mm:ssZ");
        String createdDateTime = dateTimeFormatter.format(
                ZonedDateTime.now(ZoneId.of("Asia/Kolkata")));

        String passwordDigest = nonce + createdDateTime +
                String.valueOf(password);
        System.out.println(passwordDigest);

        MessageDigest sha1 = (MessageDigest) MessageDigest.
                getInstance("SHA1").clone();
        sha1.update(passwordDigest.getBytes());

        byte [] sha1Digest = sha1.digest();
        byte [] encodedBytes = Base64.getEncoder().encode(sha1Digest);

        return new String(encodedBytes,"UTF-8");
    }

    public static void main(String [] args)  throws Exception {
        PasswordDigest passwordDigest = new PasswordDigest();
        char [] password = {'P','a','s','s','w','0','r','d'};
        System.out.println(passwordDigest.getPasswordDigest(password));

    }


}
