Re: APP Interop logistics + Servers Up?

[Sam Ruby <rubys@xxxxxxxxxxxxxxxx>]

Tim Bray wrote:
> On Apr 15, 2007, at 10:26 PM, Tim Bray wrote:
>
> > On Apr 15, 2007, at 7:17 PM, ASAKURA Hiroshi wrote:
> >
> > >  Thank you DeWitt :)
> > >  I'll also open endpoint of my server, but it requires WSSE
> > > authentication. Does anyone implement it on client? If no one have WSSE
> > > implementation, I'll remove authentication of it.
> >
> > /me goes looking for WSSE code in ruby...
>
> Well, thanks for input to the two people who dug up code... 
> unfortunately neither sample actually ran.  The following runs; tomorrow 
> we'll find out if it interoperates:
>
> ========================================
> require 'base64'
> require 'digest/sha1'
>
> def wsse_authenticate
>   user, pass = "tim", "foo"
>   nonce = Array.new(10){ rand(0x100000000) }.pack('I*')
>   nonce_b64 = [nonce].pack("m").chomp
>   now = Time.now.strftime("%FT%TZ")
>   digest = [Digest::SHA1.digest(nonce + now + pass)].pack("m").chomp
>
>   %Q<UsernameToken Username="#{user}", PasswordDigest="#{digest}", 
> Nonce="#{nonce_b64}", Created="#{now}">
> end
>
> puts wsse_authenticate # this goes in an X-WSSE: header

It looks to me like the nonce that you use for the digest (nonce) and 
the nonce that you put into the header (nonce_b64) are different.

I'd suggest something like this for the nonce:

  nonce = rand(16**32).to_s(16)

I'd also suggest inserting ".gmtime" into the computation of 'now'

- Sam Ruby