As a follow up, I did figure out how to send the appropriate headers to RT. However, RT is caching the nonce values (this is WSSE authentication via an ATOM client) so it doesn't matter anyway. :-(
But for reference in case anyone needs it, here's what I added to RT/Client.pm. X-WSSE and Authentication are definitely required. I couldn't quickly determine if the WWW-Authenticate header is required by the spec so I sent it along anyway (after trying it both ways).
my ($username, $password) = $ua->get_basic_credentials("Support");
# This code is culled from XML::Atom::Client::munge_request().
my $nonce = XML::Atom::Client::make_nonce();
+
my $nonce_enc = encode_base64($nonce, '');
+
my $now = DateTime->now->iso8601 . 'Z';
+
my $digest = encode_base64(sha1($nonce . $now . ($password || '')), ''
+);
$ua->default_header('WWW-Authenticate', 'WSSE realm="Support", profile
+="UsernameToken"');
+
$ua->default_header('Authorization', 'WSSE profile="UsernameToken"');
$ua->default_header('X-WSSE', sprintf
+
qq(UsernameToken Username="%s", PasswordDigest="%s",
+Nonce="%s", Created="%s"),
+
$username || '', $digest, $nonce_enc, $now);
|