WSSE UsernameToken rejected by server without modifications

[timconnolly]

There seems to be a problem with the way that wsse:Nonce, wsu:Created, and the password digest are built. I was unable to authenticate without making changes to the v0.8.5 code.

In regards to the timestamp:
http://www.oasis-open.org/committees/download.php/21256/wss-v1.1-spec-errata-os-SOAPMessageSecurity.htm#_Toc118717167 states that "All times MUST be in UTC format".

I am currently using the following monkey patch to build the nonce and digest:

class Savon::WSSE
  def wsse_username_token
    if digest?
      wsse_security "UsernameToken",
        "wsse:Username" => username,
        "wsse:Nonce" => Base64.encode64(nonce).chomp!,
        "wsu:Created" => timestamp,
        "wsse:Password" => digest_password,
        :attributes! => { "wsse:Password" => { "Type" => PasswordDigestURI } }
    else
      wsse_security "UsernameToken",
        "wsse:Username" => username,
        "wsse:Password" => password,
        :attributes! => { "wsse:Password" => { "Type" => PasswordTextURI } }
    end
  end

  def digest_password
    token = nonce + timestamp + password
    Base64.encode64(Digest::SHA1.digest(token)).chomp!
  end

  def nonce
    @nonce ||= Digest::SHA1.digest random_string + timestamp
  end

  def timestamp
      @timestamp ||= Time.now.utc.xs_datetime
  end
end

module Savon::CoreExt::Time
  def xs_datetime
      strftime "%Y-%m-%dT%H:%M:%SZ"
  end
end

[rubiii]

to summarize, you changed the following three lines of code:

# Savon::WSSE#wsse_username_token (line 4)
"wsse:Nonce" => Base64.encode64(nonce).chomp!

# Savon::WSSE#timestamp (line 1)
@timestamp ||= Time.now.utc.xs_datetime

# Savon::CoreExt::Time#xs_datetime
strftime "%Y-%m-%dT%H:%M:%SZ"

do you still have to monkey patch this in a more recent version of savon?
and can you (or anybody else) elaborate on why this needs to be changed?

[rubiii]

closing this issue as it's better represented by rubiii/akami#1