How to use WSSE in iOS with salted sha512 with more than 1 iteration
android,ios,symfony2,sha512,wsse
If you want to reproduce the same encryption as Symfony2 with the 5000 iterations, you can use the following code: - (NSString *)hashPassword:(NSString *)password ansSalt:(NSString *)salt { NSString *passwordSalted = [NSString stringWithFormat:@"%@{%@}",password,salt]; NSData *passwordData = [passwordSalted dataUsingEncoding:NSUTF8StringEncoding]; uint8_t hash[CC_SHA512_DIGEST_LENGTH]; CC_SHA512([passwordData bytes], [passwordData length], hash); NSMutableData *allData = [[NSMutableData alloc] init];...
symfony2 skip urls from authentication
You'll need to add a specific firewall for anonymous access : firewalls: api: pattern: ^/api doc: pattern: ^/api/doc security: false public: pattern: ^/api/public security: false Another option is to allow anonymous users to access these 2 firewalls, I don't know however if it will works with remote curl calls for...
Securing Symfony RESTful API consumed by angular front?
angularjs,api,symfony2,oauth,wsse
It all depends on what your requirements are. First of all, OAuth 2 is an authentication mechanism/spec which you can use in combination with sessions/bearer tokens/... This also applies for local accounts (since you want to do user registration). FOSAuthServerBundle is a bundle to implement the server-side of the OAuth2...
WSSE Authentification using FOSUserBundle
api,symfony2,fosuserbundle,ws-security,wsse
Ok, I just found the problem... In my authentificate method (WsseProvider Class), I did return nothing ! BEFORE (doesn't works): public function authenticate(TokenInterface $token) { $user = $this->userProvider->loadUserByUsername($token->getUsername()); if(!$user){ throw new AuthenticationException("Bad credentials... Did you forgot your username ?"); } if ($user && $this->validateDigest($token->digest, $token->nonce, $token->created, $user->getPassword())) { } }...
Sending a Public Key Encoded in Base 64 in Ruby using WSSE in SOAP
Here's the code I use to extract a public key from a certificate. I use it for public key pinning, so it uses a SSL* from the connection. Essentially, you call len1 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL) one time to get a length, and then call len2 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), buffer) a second...
Configure service to use WS Security in ASP.NET
asp.net,web-services,soap,wsse
Finally I get what I need. Instead of use WS security itself I choose to made custom SoapHeader. Here is my code: Custom SoapHeader class: public class UsernameToken { public string Username { get; set; } public string Password { get; set; } } [XmlRoot("Security", Namespace = "wsse", IsNullable =...