I am working in integrating DigestPassword web service in my iPhone application. For this purpose I need to generate nonce and passwordDigest. I tried hard but I could not find any working example in Google search.
I have done it following way: Updated Code:
NSString *user = @"XXXXXXXXXXXXXXXXXXXXXX";
NSNumber *nonce = @(arc4random());
NSLog(@"nonce %@",[self encodeStringTo64:[nonce stringValue]]);
NSDateFormatter *dateFormatter = [[NSDateFormatter alloc] init];
[dateFormatter setDateFormat:@"yyyy-MM-dd'T'HH:mm:ss.SSS'Z'"];
NSString *created = [dateFormatter stringFromDate:[NSDate date]];
NSLog(@"created %@",created);
NSString *digest_concat = [NSString stringWithFormat:@"%@%@%@", nonce, created, @"Pwd@123"];
NSData *digestBytes = [self shaa1:digest_concat];
NSString *digestBase64 = [self base64forData:digestBytes];
NSLog(@"digestBase64 %@",digestBase64);
NSString *strSOAP = [NSString stringWithFormat:@"<soap:Envelope xmlns:soap=\"http://www.w3.org/2003/05/soap-envelope\" xmlns:v1=\"http://sita.aero/iborders/external/ReferralManagementServiceWSDLType/V1\"><soap:Header><wsse:Security xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"><wsse:UsernameToken wsu:Id=\"UsernameToken-27E173B8CF239BE6F01440582357416191\"><wsse:Username>%@</wsse:Username><wsse:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest\">%@</wsse:Password><wsse:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">%@</wsse:Nonce><wsu:Created>%@</wsu:Created></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><v1:SearchReferralsRequest><v1:ReferralSearchCriteria><ReferralId>2038100</ReferralId></v1:ReferralSearchCriteria><v1:Paging><FetchNumber>1</FetchNumber><ResultsPerFetch>1</ResultsPerFetch></v1:Paging></v1:SearchReferralsRequest></soap:Body></soap:Envelope>",user,digestBase64,[self encodeStringTo64:[nonce stringValue]],created];
- (NSString*)encodeStringTo64:(NSString*)fromString{
NSData *plainData = [fromString dataUsingEncoding:NSUTF8StringEncoding];
NSString *base64String;
if ([plainData respondsToSelector:@selector(base64EncodedStringWithOptions:)]) {
base64String = [plainData base64EncodedStringWithOptions:kNilOptions]; // iOS 7+
} else {
base64String = [plainData base64Encoding]; // pre iOS7
}
return base64String;
}
- (NSData *)shaa1:(NSString *)input {
NSData *data = [input dataUsingEncoding:NSUTF8StringEncoding];
uint8_t digest[CC_SHA1_DIGEST_LENGTH];
CC_SHA1(data.bytes, (CC_LONG) data.length, digest);
return [NSData dataWithBytes:digest length:CC_SHA1_DIGEST_LENGTH];
}
Can someone please check my code for creating nonce and password digest and let me know what mistake I am making as I am not able to access web service with this? I am always getting Message Expired error. Error:
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<soap:Body>
<soap:Fault>
<soap:Code>
<soap:Value>soap:Sender</soap:Value>
<soap:Subcode>
<soap:Value xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:MessageExpired</soap:Value>
</soap:Subcode>
</soap:Code>
<soap:Reason>
<soap:Text xml:lang="en">The message has expired</soap:Text>
</soap:Reason>
</soap:Fault>
</soap:Body>
</soap:Envelope>
Edit: My Desired SOAP Request:
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:v1="http://xxxxx/xxxx/external/ServiceWSDLType/V1">
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-XXXXX">
<wsse:Username>XXXXXXXXXXXXXXXXXXX</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">iAdbggkXsbNih5wBJ8M2tyyVWiA=</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">b8SD2g2iiVvihx7ajVwPfw==</wsse:Nonce>
<wsu:Created>2015-08-28T07:16:04.857Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<v1:SearchReferralsRequest>
<v1:ReferralSearchCriteria>
<ReferralId>213213</ReferralId>
</v1:ReferralSearchCriteria>
<v1:Paging>
<FetchNumber>1</FetchNumber>
<ResultsPerFetch>1</ResultsPerFetch>
</v1:Paging>
</v1:SearchReferralsRequest>
</soap:Body>
</soap:Envelope>
I think you need to send SHA1 digest without additional encoding into hex string.
Try this function for SHA1:
- (NSData *)sha1:(NSString *)input {
NSData *data = [input dataUsingEncoding:NSUTF8StringEncoding];
uint8_t digest[CC_SHA1_DIGEST_LENGTH];
CC_SHA1(data.bytes, (CC_LONG) data.length, digest);
return [NSData dataWithBytes:digest length:CC_SHA1_DIGEST_LENGTH];
}
Also check that time value in password digest is the same as wsu:Created.
Update #1
Also you use base64 nonce in password digest but in documentation formula is:
Password_Digest = Base64 ( SHA-1 ( nonce + created + password ) )
So nonce must be number, not base64 encoded number. Try this password digest code:
NSNumber *nonce = @(arc4random());
NSDateFormatter *dateFormatter = [[NSDateFormatter alloc] init];
[dateFormatter setDateFormat:@"yyyy-MM-dd'T'HH:mm:ss.SSS'Z'"];
NSString *created = [dateFormatter stringFromDate:[NSDate date]];
NSString *digest_concat = [NSString stringWithFormat:@"%@%@%@", nonce, created, password];
Update #2
Looks like you have expired message because of time zone. From specification Web Services Security: SOAP Message Security Version 1.1.1:
This specification defines and illustrates time references in terms of the xsd:dateTime type defined in XML Schema. It is RECOMMENDED that all time references use this type. All references MUST be in UTC time. Implementations MUST NOT generate time instants that specify leap seconds. If, however, other time types are used, then the ValueType attribute (described below) MUST be specified to indicate the data type of the time format. Requestors and receivers SHOULD NOT rely on other applications supporting time resolution finer than milliseconds.
Use UTC time zone:
NSDateFormatter *dateFormatter = [[NSDateFormatter alloc] init];
[dateFormatter setDateFormat:@"yyyy-MM-dd'T'HH:mm:ss.SSS'Z'"];
[dateFormatter setTimeZone:[NSTimeZone timeZoneWithAbbreviation:@"UTC"]];
NSString *created = [dateFormatter stringFromDate:[NSDate date]];