Token generation for WSSJ4 password digest for password text type at Java mapping for Bypassing AXIS to use nosoap mode.
As per the XML security requirement relative name spaces are not allowed and when the relative name spaces do come in the structure the messages will be splitting into multipart/attachments by AXIS/PI.
If the third party corrects their issues with respect to the relative name spaces then the AXIS adapter will do the job.
But this document is to provide an alternative instead of depending upon the AXIS till the corrections are done by the parties to their structures with respect to relative name spaces
The password digest logic is Base64 ( SHA-1 ( nonce + created Time + password ) ) as per the specification http://ws.apache.org/wss4j/index.html so we have generated the token at mapping level and constructed the SOAP envelope ,body payload as per the third party requirement
To generate the token we have used apache commons codec and once the token and nonce is with us we have used with our custom soap envelope to bypass the AXIS MIME .
public void transform(TransformationInput input, TransformationOutput output)
throws StreamTransformationException {
String userName = “userid”;
String password = “password”;
String nonceString = “”;
String pwDigest = “”;
try {
nonceString = genNonce();
} catch (UnsupportedEncodingException e1) {
e1.printStackTrace();
}
String formatedTime = getFormatedTime();
try {
pwDigest = getPasswordDigestFromClearTextPW(
nonceString.getBytes(“UTF-8”), formatedTime.getBytes(“UTF-8”),
password);
} catch (NoSuchAlgorithmException e1) {
e1.printStackTrace();
} catch (UnsupportedEncodingException e1) {
e1.printStackTrace();
}
private String getPasswordDigestFromClearTextPW(byte[] nonce,
byte[] created, String password) throws NoSuchAlgorithmException,
UnsupportedEncodingException {
MessageDigest sha1 = getMessageDigest();
if (nonce != null) {
sha1.update(nonce);
}
if (created != null) {
sha1.update(created);
}
String passwordDigest = new String(Base64.encodeBase64(sha1
.digest(getHash(password))));
sha1.reset();
return passwordDigest;
}
/*
* Get a nonce String.
*/
private String genNonce() throws UnsupportedEncodingException {
SecureRandom random = null;
int length = 128;
try {
random = SecureRandom.getInstance(“SHA1PRNG”);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
byte[] nonceValue = new byte[length / 8];
random.nextBytes(nonceValue);
return new String(Base64.encodeBase64(nonceValue), “UTF-8”);
}
/*
* Generate current time in format compliant with REST standards.
*/
private String getFormatedTime() {
Date date = new Date();
DateFormat zuluTime = new SimpleDateFormat(“yyyy-MM-dd’T’HH:mm:ss’Z'”);
zuluTime.setTimeZone(TimeZone.getTimeZone(“UTC”));
return zuluTime.format(date);
}
/*
* Generate current time + 5mins in format compliant with REST standards.
*/
private String getExpiredTime() {
Calendar cal = Calendar.getInstance();
cal.add(Calendar.MINUTE, 5);
Date newmins =cal.getTime();
DateFormat zuluTime = new SimpleDateFormat(“yyyy-MM-dd’T’HH:mm:ss’Z'”);
zuluTime.setTimeZone(TimeZone.getTimeZone(“UTC”));
return zuluTime.format(newmins);
}
/**
* Gets the SHA–1 hash of the string. This is a helper method to first hash
* the password so that password hash can be fed to passwordDigest.
* <p>
* All digesting is done in the UTF–8 encoding.
*
* @param string
* @return the SHA–1 hash of the UTF8 encoded string
* @throws NoSuchAlgorithmException
* @throws UnsupportedEncodingException
*/
private byte[] getHash(String string) throws NoSuchAlgorithmException,
UnsupportedEncodingException {
MessageDigest sha1 = getMessageDigest();
/*
* Java strings are UTF-16, so when digesting use the UTF-8 encoding as
* that is standard practice on the Internet.
*/
byte[] hash = getMessageDigest().digest(string.getBytes(“UTF-8”));
sha1.reset();
return hash;
}
/**
* Get a MessageDigest instance for the given algorithm.
*
* @return MessageDigest instance
* @throws NoSuchAlgorithmException
*/
protected MessageDigest getMessageDigest() throws NoSuchAlgorithmException {
return MessageDigest.getInstance(“SHA-1”);
}
}
I would like to take and opportunity to say Thanks to the PI expert Sebin for identifying the issue and for making us to learn more on this. And also thanks to team at Cognizant who shared their views while implementing this interface.
Prasad Konda.
Hi Prasad,
I know this was posted 3 years ago and my apologies for asking this very late. With regards to custom code above, any additional input like what codecs or jar files needed to be deployed in SAP PI?
Cheers,
R-jay