Category Archives: X-WSSE

How to generate X-WSSE Token using Java

Learn how to generate X-WSSE Token and how to authorize requests using X-WSSE header authentication.

If you’re not familiar with X-WSSE Token Authentication and why you should use it, go ahead and read this article that contains the basics of this type of authentication.

In this article I’ll describe how to generate a X-WSSE Token using Java.

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Random;
import java.util.TimeZone;
import javax.xml.bind.DatatypeConverter;
 
public class xwsse {
 
    final protected static char[] hexArray = "0123456789abcdef".toCharArray();
 
    public static void main(String[] args) {
        String xwsse = getWsseHeader("CLIENT_ID", "CLIENT_SECRET");
        System.out.println(xwsse);
    }
 
    private static String getWsseHeader(String username, String secret) {
        String nonce = getNonce();
        String created = getUTCTimestamp();
        String digest = getPasswordDigest(nonce, created, secret);
 
        return String.format("UsernameToken Username=\"%s\", PasswordDigest=\"%s\", " + "Nonce=\"%s\", Created=\"%s\"", username, digest, nonce, created);
    }
 
    private static String getUTCTimestamp() {
        SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ");
        sdf.setTimeZone(TimeZone.getTimeZone("UTC"));
        return sdf.format(new Date());
    }
 
    private static String getNonce() {
        byte[] nonceBytes = new byte[16];
        new Random().nextBytes(nonceBytes);
        return bytesToHex(nonceBytes);
    }
 
    private static String getPasswordDigest(String nonce, String created, String secret) {
        String digest = "";
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.reset();
            String hashedString = String.format("%s%s%s", nonce, created, secret);
            messageDigest.update(hashedString.getBytes("UTF-8"));
            String sha256Sum = bytesToHex(messageDigest.digest());
            digest = DatatypeConverter.printBase64Binary(sha256Sum.getBytes("UTF-8"));
        } catch(NoSuchAlgorithmException ex) {
            System.out.println("No SHA-256 algorithm found");
        } catch(UnsupportedEncodingException ex) {
            System.out.println("Unable to use UTF-8 encoding");
        }
        return digest;
    }
 
    private static String bytesToHex(byte[] bytes) {
        char[] hexChars = new char[bytes.length*2];
        for(int j=0; j<bytes.length; j++) {
            int v = bytes[j] & 0xFF;
            hexChars[j*2] = hexArray[v >>> 4];
            hexChars[j*2+1] = hexArray[v & 0x0F];
        }
        return new String(hexChars);
    }
 
}

That’s it. Check my other X-WSSE Articles and learn how to generate the token using other programming languages.

How to generate X-WSSE Token using Golang

Learn how to generate X-WSSE Token and how to authorize requests using X-WSSE header authentication.

If you’re not familiar with X-WSSE Token Authentication and why you should use it, go ahead and read this article that contains the basics of this type of authentication.

In this article I’ll describe how to generate a X-WSSE Token using Golang.

package main
 
import(
    "crypto/sha256"
    "crypto/md5"
    "encoding/base64"
    "encoding/hex"
    "fmt"
    "math/rand"
    "time"
    "strconv"
)
 
func getWsseHeader(username string, secret string) string {
    created := time.Now().Format(time.RFC3339)
    m := md5.New()
    m.Write([]byte(strconv.FormatFloat(rand.Float64(), 'f', 6, 64)))
    nonce := hex.EncodeToString(m.Sum(nil));
    text := (nonce + created + secret)
    h := sha256.New()
    h.Write([]byte(text))
    sha256 := hex.EncodeToString(h.Sum(nil))
    passwordDigest := base64.StdEncoding.EncodeToString([]byte(sha256))
    return string("UsernameToken Username=\"" + username + "\", PasswordDigest=\"" + passwordDigest + "\", Nonce=\"" + nonce + "\", Created=\"" + created + "\"")
}
 
func main() {
    rand.Seed(time.Now().UnixNano())
    var xwsse = getWsseHeader("CLIENT_ID", "CLIENT_SECRET");
    fmt.Println(xwsse);
}

That’s it. Check my other X-WSSE Articles and learn how to generate the token using other programming languages.

How to generate X-WSSE Token using Ruby

Learn how to generate X-WSSE Token and how to authorize requests using X-WSSE header authentication.

If you’re not familiar with X-WSSE Token Authentication and why you should use it, go ahead and read this article that contains the basics of this type of authentication.

In this article I’ll describe how to generate a X-WSSE Token using Ruby.

require 'time'
require 'base64'
require 'digest'
 
def getWsseHeader(username, secret)
    nonce = Digest::MD5.hexdigest(rand.to_s)
    created=Time.now.utc.iso8601
    passwordDigest=Base64.strict_encode64(Digest::SHA256.hexdigest(nonce+created+secret)).strip
    header='UsernameToken '+"Username=\"#{username}\", "+"PasswordDigest=\"#{passwordDigest}\", "+"Nonce=\"#{nonce}\", "+"Created=\"#{created}\""
    return header
end
 
xwsse = getWsseHeader("CLIENT_ID", "CLIENT_SECRET");
print xwsse

That’s it. Check my other X-WSSE Articles and learn how to generate the token using other programming languages.

How to generate X-WSSE Token using Python

Learn how to generate X-WSSE Token and how to authorize requests using X-WSSE header authentication.

If you’re not familiar with X-WSSE Token Authentication and why you should use it, go ahead and read this article that contains the basics of this type of authentication.

In this article I’ll describe how to generate a X-WSSE Token using Python.

import datetime
import hashlib
import random
import base64
 
def getWsseHeader(username, secret):
    created = datetime.datetime.utcnow().isoformat();
    nonce = hashlib.md5(str(random.getrandbits(128)).encode('utf-8')).hexdigest()
    digest = "".join((nonce, created, secret))
    digest = hashlib.sha256(digest.encode('utf-8')).hexdigest()
    digest = base64.b64encode(digest.encode("utf-8")).decode('utf-8')
    return ('UsernameToken Username="{username}", '
            'PasswordDigest="{digest}", Nonce="{nonce}", '
            'Created="{created}"').format(username=username,
                                        digest=digest,
                                        nonce=nonce,
                                        created=created)
 
xwsse = getWsseHeader("CLIENT_ID", "CLIENT_SECRET");
print(xwsse)

That’s it. Check my other X-WSSE Articles and learn how to generate the token using other programming languages.

How to generate X-WSSE Token using PHP

Learn how to generate X-WSSE Token and how to authorize requests using X-WSSE header authentication.

If you’re not familiar with X-WSSE Token Authentication and why you should use it, go ahead and read this article that contains the basics of this type of authentication.

In this article I’ll describe how to generate a X-WSSE Token using PHP.

function getWsseHeader($username, $secret) {
 
    $nonce = md5(rand());
    $created  = date('c');
    $digest   = base64_encode(hash('sha256', $nonce . $created . $secret, false));
 
    $wsseHeader = sprintf(
        'UsernameToken Username="%s", PasswordDigest="%s", Nonce="%s", Created="%s"',
        $username,
        $digest,
        $nonce,
        $created
    );
 
    return $wsseHeader;
 
}
 
$xwsse = getWsseHeader("CLIENT_ID", "CLIENT_SECRET");
echo $xwsse;

That’s it. Check my other X-WSSE Articles and learn how to generate the token using other programming languages.

How to generate X-WSSE Token using NodeJS

Learn how to generate X-WSSE Token and how to authorize requests using X-WSSE header authentication.

If you’re not familiar with X-WSSE Token Authentication and why you should use it, go ahead and read this article that contains the basics of this type of authentication.

In this article I’ll describe how to generate a X-WSSE Token using NodeJS.

const crypto = require('crypto');
 
function getWsseHeader(username, secret) {
 
    const nonce = crypto.randomBytes(16).toString('hex');
    const created = new Date().toISOString();
    const hash = crypto.createHash('sha256').update(nonce + created + secret, 'utf-8').digest('hex');
    const digest = Buffer.from(hash).toString('base64');
     
    return `UsernameToken Username="${username}", PasswordDigest="${digest}", Nonce="${nonce}", Created="${created}"`;
 
}
 
const xwsse = getWsseHeader('CLIENT_ID', 'CLIENT_SECRET');
console.log(xwsse);

That’s it. Check my other X-WSSE Articles and learn how to generate the token using other programming languages.