Help with Sha + Base64 for WSSE encoding.

[Gregg Pollack]

Hello there.

I've got a numbers puzzle for someone out there.

I'm currently trying to implement X-WSSE authentication, which
basically means you follow these steps to create a PasswordDigest:

1. Create a random Nonce(or string)
2. create the token by doing Base64(sha(nonce + timestamp + password)

Use this string to autenticate. Basically. Now here's my problem.

I have an example to work from:

Nonce =
MjAwNi0wMi0yM1QxODo1NjozMVogNDdjYzM5NTVlZmY1NzljZGIwMzVkNTljZjI4ZWU3NzE3Y2Y4NmM5Zg==
Timestamp = 2006-02-23T18:56:31Z
password = test

I know the result is supposed to be:
267V1V5JW5xqct0bOAoFEaSDL7Y= (since this works)

But when I use ruby for this:

nonce =
"MjAwNi0wMi0yM1QxODo1NjozMVogNDdjYzM5NTVlZmY1NzljZGIwMzVkNTljZjI4ZWU3NzE3Y2Y4NmM5Zg=="
time = "2006-02-23T18:56:31Z"
password = "test"
puts Base64.encode64(Digest::SHA1.hexdigest(nonce + time +
password)).strip

I get:
MzI2OTQ4YzY4OWQ3MGMxYzMzYTEwZWI2Yzg5MzZiYzMzZGE2ZTJhMg==


Can anyone see the step I'm missing?

Thanks,

Gregg Pollack
Patched Software
www.PatchedSoftware.com

 

[Tom Copeland]

1. Create a random Nonce(or string)

2. create the token by doing Base64(sha(nonce + timestamp + password)
Cool.

puts Base64.encode64(Digest::SHA1.hexdigest(nonce + time +
password)).strip

Hm, do you want to be calling SHA1.hexdigest() here? Or just
SHA1.digest()?

Yours,

Tom

 

[Anthony DeRobertis]

gets me:
MzI2OTQ4YzY4OWQ3MGMxYzMzYTEwZWI2Yzg5MzZiYzMzZGE2ZTJhMg==

Which decodes to 326948c689d70c1c33a10eb6c8936bc33da6e2a2, which is
still hex-encoded.

You need to get the raw binary hash somehow... Not sure how to do that
with Digest, though, and it seems undocumented at
http://www.ruby-doc.org/stdlib/libdoc/digest/rdoc/classes/Digest/Base.html#M000470