Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cert and timestamp can't be together? #15

Open
rderoldan1 opened this issue Sep 12, 2014 · 5 comments
Open

cert and timestamp can't be together? #15

rderoldan1 opened this issue Sep 12, 2014 · 5 comments

Comments

@rderoldan1
Copy link

@tjarratt I just found something that I consider an issue, if signature and timestamp are true, just signature header is returned

  # Returns the XML for a WSSE header.
    def to_xml
      if signature? and signature.have_document?
         Gyoku.xml wsse_signature1.merge!(hash)
      elsif username_token? && timestamp?
          Gyoku.xml wsse_username_token.merge!(wsu_timestamp) {
          |key, v1, v2| v1.merge!(v2) {
            |key, v1, v2| v1.merge!(v2)
          }
        }
      elsif username_token?
        Gyoku.xml wsse_username_token.merge!(hash)
      elsif timestamp?
        Gyoku.xml wsu_timestamp.merge!(hash)
      else
        ""
      end
    end

The if clause is not considering the case of have signed? and timestamp?, I fix it (in a really ugly way) but for testing purposes it works, I don't know if is not really comment to have timestamps and the cert headers together, but what do you think?

# Returns the XML for a WSSE header.
    def to_xml
      if signature? and signature.have_document?
        if timestamp?
          wsse_signature1 = {}
          wsse_signature1["wsse:Security"] = wsse_signature["wsse:Security"].merge!(wsu_timestamp["wsse:Security"])
          wsse_signature1["wsse:Security"][:order!] << "wsu:Timestamp"
          Gyoku.xml wsse_signature1
        else
          Gyoku.xml wsse_signature.merge!(hash)
        end
      elsif username_token? && timestamp?
          Gyoku.xml wsse_username_token.merge!(wsu_timestamp) {
          |key, v1, v2| v1.merge!(v2) {
            |key, v1, v2| v1.merge!(v2)
          }
        }
      elsif username_token?
        Gyoku.xml wsse_username_token.merge!(hash)
      elsif timestamp?
        Gyoku.xml wsu_timestamp.merge!(hash)
      else
        ""
      end
    end
@tjarratt
Copy link
Contributor

Oh gosh, that if elsif block. The horror!

All joking aside, this is a rather annoying issue that you discovered @rderoldan1. I would have expected this to work, but since support for these various parts of Akami have come about piece by piece I suppose it's natural that this would have been left out.

For now, would you mind issuing this as a pull request along with a spec for this behavior? Once we have some tests, it should be easy to go and refactor this to clean up the implementation.

@drn drn mentioned this issue Dec 2, 2014
Closed
@eiapopeia eiapopeia mentioned this issue Nov 10, 2015
Closed
@eiapopeia
Copy link

The patch worked for me. Thanks.

@eiapopeia
Copy link

I added a new pull request #25
With this you can have timestamps and signatures at the same time and also have them signed. See the all new specs for usage examples!

@jim0020
Copy link

jim0020 commented Aug 13, 2016

Is this pull request going to get accepted? I'm having the same issue, monkey patching for now.

@brent-clintel
Copy link

Also hoping for this to be accepted.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@tjarratt @eiapopeia @jim0020 @rderoldan1 @brent-clintel