I need some help with WSSE Header generations in iOS. The application it's written in Symfony2 which uses sha512 algorithm with 5000 iterations and encode_as_base64 as true. For the mobile app, I found this question for encoding the password: SHA512 with salt for iOS although it's only one iteration. Using a simple loop which includes the last one would suffice it?
We found the code for the Android generation of the WSSE Headers: http://obtao.com/blog/2013/09/how-to-use-wsse-in-android-app/ It is possible to do the same thing in iOS or should we find another way for authentication, like OAuth2?
If you want to reproduce the same encryption as Symfony2 with the 5000 iterations, you can use the following code:
- (NSString *)hashPassword:(NSString *)password ansSalt:(NSString *)salt {
NSString *passwordSalted = [NSString stringWithFormat:@"%@{%@}",password,salt];
NSData *passwordData = [passwordSalted dataUsingEncoding:NSUTF8StringEncoding];
uint8_t hash[CC_SHA512_DIGEST_LENGTH];
CC_SHA512([passwordData bytes], [passwordData length], hash);
NSMutableData *allData = [[NSMutableData alloc] init];
[allData appendBytes:hash length:CC_SHA512_DIGEST_LENGTH];
for (NSInteger i = 1; i < 5000; i++) {
[allData appendBytes:[passwordData bytes] length:[passwordData length]];
uint8_t hashLoop[CC_SHA512_DIGEST_LENGTH];
CC_SHA512([allData bytes], [allData length], hashLoop);
[allData setLength:0];
[allData appendBytes:hashLoop length:CC_SHA512_DIGEST_LENGTH];
}
NSData *imageData = [NSData dataWithBytes:[allData bytes] length:[allData length]];
return [imageData base64EncodedStringWithOptions:0];
}
Don't forgot to import CommonDigest.h:
#import <CommonCrypto/CommonDigest.h>
For SHA512 try the following:
#import <CommonCrypto/CommonDigest.h>
+ (NSData *)sha512:(NSData *)data {
unsigned char hash[CC_SHA512_DIGEST_LENGTH];
if ( CC_SHA512([data bytes], [data length], hash) ) {
NSData *sha512 = [NSData dataWithBytes:hash length:CC_SHA512_DIGEST_LENGTH];
return sha512;
}
return nil;
}
for WSSE headers check out https://github.com/laiso/CocoaWSSE
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 姐就是有狂的资本 的文章《How to use WSSE in iOS with salted sha512 with mor》','https://www.manongdao.com/article-895347.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}