signer
RequireIssuerSerialReference in the SecurityTokenReference
Hello, Thanks for putting together a Ruby Implementation for ws-security. It is a great library.
Currently the SecurityTokenReference creates a reference to the Binary Security Token Reference. In the project I am working on, the WSDL requires an IssuerSerialReference for the x509 Token:
```xml
<sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
  <wsp:Policy>
    <sp:RequireIssuerSerialReference />
    <sp:WssX509V3Token10 />
  </wsp:Policy>
</sp:X509Token>
```
Would it be feasible to update the binary_security_token_node method in signer.rb to optionally include the X509IssuerSerial rather than just a reference? Maybe this could be a config switch?
An example XML snippet is here:
```xml
<wsse:SecurityTokenReference
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    wsu:Id="STR-c611951a-716b-4679-ad0b-58d07f25d839">
  <ds:X509Data>
    <ds:X509IssuerSerial>
      <ds:X509IssuerName>1.2.840.113549.1.9.1=#161961646d696e6973747261746f72407665726d6f6e742e676f76,CN=someCN,OU=someUR,O=ORG,L=City,ST=State,C=US</ds:X509IssuerName>
      <ds:X509SerialNumber>17878663088277022668</ds:X509SerialNumber>
    </ds:X509IssuerSerial>
  </ds:X509Data>
</wsse:SecurityTokenReference>
```
The method x509_data_node does something similar, but it includes the x509 data in a different node and not in the wsse:SecurityTokenReference.
Thanks! Yogesh
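An added illustration of the element requested above, not part of the thread and not signer's own code: it renders a `wsse:SecurityTokenReference` carrying `ds:X509IssuerSerial` from an OpenSSL certificate. The helper names `issuer_serial_reference` and `sample_cert` are hypothetical, and the certificate is constructed inline (self-signed, reusing the serial number from the snippet above).

```ruby
require "openssl"
require "securerandom"

WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU_NS  = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS_NS   = "http://www.w3.org/2000/09/xmldsig#"

# Hypothetical helper (not a signer method): identifies the signing
# certificate by issuer DN and serial number instead of pointing at a
# BinarySecurityToken.
def issuer_serial_reference(cert, id: "STR-#{SecureRandom.uuid}")
  # Issuer DN in RFC 2253 string form, escaped for use as XML text
  # (a DN may legally contain characters such as "&" or "<").
  issuer = cert.issuer.to_s(OpenSSL::X509::Name::RFC2253).encode(xml: :text)
  # X509SerialNumber is a decimal integer; OpenSSL::BN#to_s is base 10.
  serial = cert.serial.to_s
  <<~XML
    <wsse:SecurityTokenReference xmlns:wsse="#{WSSE_NS}" xmlns:wsu="#{WSU_NS}" xmlns:ds="#{DS_NS}" wsu:Id=#{id.encode(xml: :attr)}>
      <ds:X509Data>
        <ds:X509IssuerSerial>
          <ds:X509IssuerName>#{issuer}</ds:X509IssuerName>
          <ds:X509SerialNumber>#{serial}</ds:X509SerialNumber>
        </ds:X509IssuerSerial>
      </ds:X509Data>
    </wsse:SecurityTokenReference>
  XML
end

# Constructed sample input: a throwaway self-signed certificate.
def sample_cert
  key  = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse("/C=US/O=Smith & Co/CN=Example Test CA")
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = OpenSSL::BN.new("17878663088277022668")
  cert.subject    = cert.issuer = name
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

puts issuer_serial_reference(sample_cert) if $PROGRAM_NAME == __FILE__
```

The recipient resolves the certificate by matching this issuer/serial pair against its own store, so the serial must stay an exact decimal rendering of the certificate's value.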
@ychawla sounds good, not sure what would be the best way to configure this, haven't used signer in a while, anyway pull requests are welcome :)
Thanks, I am not a Ruby expert but I am the web service provider. I will work with the client who is a Ruby expert and see if we can do a pull request and add this feature.