[Xml-compile] Advice on getting "Created", "Expires", and "Nonce" headers into a Security element

David McMath mcdave at stanford.edu
Tue Jul 31 20:30:37 GMT 2012 

Dear List,

The documentation for the web service I'd like to use says I should 
include a Security element into my headers, like the one at the bottom 
of this message.

The documentation I found at

 
https://www.oasis-open.org/committees/download.php/16782/wss-v1.1-spec-os-UsernameTokenProfile.pdf

says that, if Nonce and Created are present, then Password should be 
encrypted according to

   Password_Digest = Base64 ( SHA-1 ( nonce + created + password ) )

I started using XML::Compile like six hours ago, so I can't say I've 
scoured the documentation or anything, but I can't find anything to help 
with this.

My best guesses so far are that I'll need to create the Nonce and 
Created elements, concatenate my password together with those values, 
then call XML::Compile::SOAP::WSS->wsseBasicAuth(...$newPassword...) and 
append the Nonce and Created elements to the resulting UsernameToken 
element.  Not much of that makes a lot of sense to me (particularly 
since the return value isn't something I can mess with??), but at least 
it's an English interpretation of what I'm trying to accomplish.

Any advice is much appreciated,

dave

--

...
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
...
      <soap:Header>
           <wsse:Security soap:mustUnderstand="1">
                <wsu:Timestamp wsu:Id="Timestamp-b23cf78f-09f8-4eec-9106-
3a9a52819842">
                     <wsu:Created>2007-04-23T22:37:12Z</wsu:Created>
                     <wsu:Expires>2007-04-23T22:38:12Z</wsu:Expires>
                </wsu:Timestamp>
               <wsse:UsernameToken 
wsu:Id="SecurityToken-8836043e8f9b-4e56-8e2b-5610e9ce280f">
                    <wsse:Username>test</wsse:Username>
                    <wsse:Password 
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">BXlm1gHnmRQcyShNse5Ne6nQN8I=</wsse:Password>
                    <wsse:Nonce>fYMGg4c/0tZbHZE2pAIOEQ==</wsse:Nonce>
                    <wsu:Created>2007-04-23T22:37:12Z</wsu:Created>
               </wsse:UsernameToken>
          </wsse:Security>
      </soap:Header>

More information about the Xml-compile mailing list