01-15-2018 09:05 AM
I have a SOAP Webservice i have to access. The Problem is that i need to send a Password thats combined with some hashes and other fields.
i need to send the following password:
Password_Digest = Base64 ( SHA-1 ( nonce + created + password ) )
nonce = the Request ID
created = the timestamp
I know its possible to create a Base64 Hash and a SHA-1 hash (with an extra java Programm) but how do i get the Request ID and the Timestamp of my Request?
Is it even possible to get this information in SAS or do i have to make a JAVA-Programm which does the soap stuff?
Thanks for your help
01-15-2018 09:40 AM
SAS has a SHA256 function, but (as far as I know) does not have a SHA1 function. This topic thread shows how to call SHA1 in PROC Groovy.
Once you have that, you can combine and implement the Base64 part with the $BASE64 format.
data _null_; length nonce $ 50 created $ 28 password $ 25 value $ 256 sha1val $ 256; nonce = "nonce-value"; /* datetime in SOAP XML string format */ /* TODO: verify proper ISO format for this */ created = put(datetime(),is8601dz.); password = "password"; value = cats(nonce, created, password); /* TBD: add step to SHA1 encode */ sha1val = value; call symput('credential', put(trim(sha1val), $BASE64x256.)); run; %put &credential;
40 %put &credential; bm9uY2UtdmFsdWUyMDE4LTAxLTE1VDA5OjM5OjEzKzAwOjAwcGFzc3dvcmQ=
01-16-2018 03:40 AM
thanks for your answer.
But the actual problem i have is neither the base64 nor the sha-1 encryption.
It's more the problem how can i use those fields (timestamp, Request-ID) in the proc soap;
is it possible to use proc soap if those fileds are unique for every request?
PROC SOAP IN = %requestFile OUT = %responseFile URL = "%url" SOAPACTION = "%action" WSSUSERNAME = "%user" WSSPASSWORD = "%generatePassword(timestamp, requestID)" ; RUN;
in this example how do i get the fields timestamp and requestID?
Note: timestamp is created by the server and can not be generated with datetime()
Thanks and Greets