RubyForge: WSS4R: Detail: 17884 wsu:Created and wsu:Expires are not optional, while standard claims they are

[#17884] wsu:Created and wsu:Expires are not optional, while standard claims they are

Date:
2008-02-08 02:56 Priority:
3

Submitted By:
Wesha the Leopard (wesha) Assigned To:
Roland Schmitt (schmitr3)

Category:
None State:
Open

Summary:
wsu:Created and wsu:Expires are not optional, while standard claims they are

Detailed description

If either of wsu:Created and wsu:Expires are absent in the received timestamp, WSS4R crashes:

ArgumentError: comparison of Time with nil failed
        from /home/ubuntu/p4/cnuapp/bug/5717/vendor/gems/wss4r-0.5/lib/wss4r/security/xml/timestamp.rb:37:in `<='
        from /home/ubuntu/p4/cnuapp/bug/5717/vendor/gems/wss4r-0.5/lib/wss4r/security/xml/timestamp.rb:37:in `verify'
        from /home/ubuntu/p4/cnuapp/bug/5717/vendor/gems/wss4r-0.5/lib/wss4r/security/xml/security.rb:30:in `unprocess'


The standard sez (http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf):


1316  /wsu:Timestamp/wsu:Created 
1317     This represents the creation time of the security semantics.  This element is optional, but 
1318     can only be specified once in a <wsu:Timestamp> element.

1322  /wsu:Timestamp/wsu:Expires 
1323     This element represents the expiration of the security semantics.  This is optional, but 
1324     can appear at most once in a <wsu:Timestamp> element.

Add A Comment:

Please login

Followup

No Followups Have Been Posted

Attached Files:

Name	Description	Download

patch	Patch for bug 17884	Download

Changes:

Field	Old Value	Date	By

assigned_to	none	2008-02-08 02:59	wesha
File Added	3337: patch	2008-02-08 02:58	wesha