From c154406f2afc17217b5f459a8f245aa5e5e06aad Mon Sep 17 00:00:00 2001
From: Matthias Benkard
Date: Thu, 8 Oct 2009 23:11:39 +0200
Subject: In WSSE authentication, correctly decode the nonce submitted by the client.
Ignore-this: 49dc2804a0cc8a3c1eef66315d4e7cab
darcs-hash:9cdef053979e0cc217d74468341520a4ef3c537d
---
 utils.lisp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/utils.lisp b/utils.lisp
index 47cfc5a..4bae17e 100644
--- a/utils.lisp
+++ b/utils.lisp
@@ -393,7 +393,9 @@ ELEMENT-TYPE as the stream's."
 (time (and (stringp timestamp) (cybertiggyr-time:parse-time timestamp (list (cybertiggyr-time::make-fmt-recognizer "%Y-%m-%dT%H:%M:%SZ")))))
- (nonce (cdr (assoc "nonce" params :test 'equalp)))
+ (encoded-nonce (cdr (assoc "nonce" params :test 'equalp)))
+ (nonce (and encoded-nonce
+ (cl-base64:base64-string-to-string encoded-nonce)))
 (user (cdr (assoc "username" params :test 'equalp)))
 (their-digest (cdr (assoc "passworddigest" params :test 'equalp)))
 (our-digest (and (stringp nonce)
-- 
cgit v1.2.3
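Review bot: The new `nonce` binding hands the client-supplied value to `cl-base64:base64-string-to-string` guarded only by `(and encoded-nonce ...)`, so a nonce that is present but not valid Base64 reaches the decoder instead of being rejected. Depending on how cl-base64 reports bad input, that may surface as an unhandled condition in the authentication path rather than a clean failure. Something like `(nonce (and (stringp encoded-nonce) (ignore-errors (cl-base64:base64-string-to-string encoded-nonce))))` would keep the existing `(stringp nonce)` test in `our-digest` as the single rejection path. Separately, decoding to a string makes the digest depend on how those characters are later converted back to octets for hashing, which is outside this hunk; if clients send random binary nonces, `cl-base64:base64-string-to-usb8-array` would avoid that round trip. The enclosing binding form and function start and end outside the hunk.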