Author: coheigea
Date: Fri Dec 24 10:41:15 2010
New Revision: 1052477
URL: http://svn.apache.org/viewvc?rev=1052477&view=rev
Log:
[WSS-262] - A fix to stop accepting Timestamps that are in the future.
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/Timestamp.java
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/TimestampTest.java
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/Timestamp.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/Timestamp.java?rev=1052477&r1=1052476&r2=1052477&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/Timestamp.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/Timestamp.java
Fri Dec 24 10:41:15 2010
@@ -257,7 +257,7 @@ public class Timestamp {
/**
* Return true if the "Created" value is before the current time minus the
timeToLive
- * argument.
+ * argument, and if the Created value is not "in the future".
*
* @param timeToLive
* the limit on the receivers' side, that the timestamp is
validated against
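Review bot: The Javadoc summary that this line extends appears inverted: it says the method returns true when Created is before the current time minus timeToLive, which describes a stale timestamp rather than a fresh one. The next hunk returns false for the invalid (future) case and names the cutoff `validCreation`, so true evidently means "acceptable". If the rest of the method, which is outside the visible lines, rejects values older than that cutoff, the summary should read something like `Return true if the "Created" value is not older than the current time minus timeToLive, and is not in the future.` The comment block continues past the end of this hunk.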
@@ -266,8 +266,16 @@ public class Timestamp {
public boolean verifyCreated(
int timeToLive
) {
- // Calculate the time that is allowed for the message to travel
Date validCreation = new Date();
+ // Check to see if the created time is in the future
+ if (createdDate != null && createdDate.after(validCreation)) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Validation of Timestamp: The message was created in
the future!");
+ }
+ return false;
+ }
+
+ // Calculate the time that is allowed for the message to travel
long currentTime = validCreation.getTime() - timeToLive * 1000;
validCreation.setTime(currentTime);
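Review bot: The new guard `createdDate.after(validCreation)` compares against the receiver's clock with no tolerance, so a sender whose clock runs even slightly ahead will have every message rejected; a small configurable allowance is the usual answer, e.g. `createdDate.getTime() > validCreation.getTime() + futureSkewSeconds * 1000L` (`futureSkewSeconds` is an illustrative name, not an existing parameter). Separately, the context line `timeToLive * 1000` multiplies two ints before widening to long, so a timeToLive above roughly 2.1 million seconds overflows and shifts the cutoff; `timeToLive * 1000L` avoids that. When createdDate is null the new check is skipped, and what happens next is outside this hunk, so it is worth confirming that a Timestamp without a Created element is handled deliberately. The rejection is logged only at debug level, which leaves no trace in a production log when a future-dated message is refused. verifyCreated's body continues past the end of the hunk.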
Modified:
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/TimestampTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/TimestampTest.java?rev=1052477&r1=1052476&r2=1052477&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/TimestampTest.java
(original)
+++
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/TimestampTest.java
Fri Dec 24 10:41:15 2010
@@ -29,8 +29,12 @@ import org.apache.ws.security.WSSecurity
import org.apache.ws.security.common.SOAPUtil;
import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import java.text.DateFormat;
+import java.util.Date;
import java.util.List;
/**
@@ -170,6 +174,108 @@ public class TimestampTest extends org.j
}
}
+
+ /**
+ * This is a test for processing an Timestamp where the "Created" element
is in the future.
+ * This Timestamp should be rejected.
+ */
+ @org.junit.Test
+ public void testFutureCreated() throws Exception {
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ Element timestampElement =
+ doc.createElementNS(
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" +
WSConstants.TIMESTAMP_TOKEN_LN
+ );
+
+ DateFormat zulu = new XmlSchemaDateFormat();
+ Element elementCreated =
+ doc.createElementNS(
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" +
WSConstants.CREATED_LN
+ );
+ Date createdDate = new Date();
+ long currentTime = createdDate.getTime() + 300000;
+ createdDate.setTime(currentTime);
+
elementCreated.appendChild(doc.createTextNode(zulu.format(createdDate)));
+ timestampElement.appendChild(elementCreated);
+
+ secHeader.getSecurityHeader().appendChild(timestampElement);
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+ //
+ // Do some processing
+ //
+ try {
+ verify(doc, WSSConfig.getNewInstance());
+ fail("The timestamp validation should have failed");
+ } catch (WSSecurityException ex) {
+ assertTrue(ex.getErrorCode() ==
WSSecurityException.MESSAGE_EXPIRED);
+ }
+ }
+
+
+ /**
+ * This is a test for processing an Timestamp where the "Created" element
is greater than
+ * the expiration time.
+ */
+ @org.junit.Test
+ public void testExpiresBeforeCreated() throws Exception {
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ Element timestampElement =
+ doc.createElementNS(
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" +
WSConstants.TIMESTAMP_TOKEN_LN
+ );
+
+ DateFormat zulu = new XmlSchemaDateFormat();
+ Element elementCreated =
+ doc.createElementNS(
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" +
WSConstants.CREATED_LN
+ );
+ Date createdDate = new Date();
+ long currentTime = createdDate.getTime() + 300000;
+ createdDate.setTime(currentTime);
+
elementCreated.appendChild(doc.createTextNode(zulu.format(createdDate)));
+ timestampElement.appendChild(elementCreated);
+
+ Date expiresDate = new Date();
+ expiresDate.setTime(expiresDate.getTime() -300000);
+
+ Element elementExpires =
+ doc.createElementNS(
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" +
WSConstants.EXPIRES_LN
+ );
+
elementExpires.appendChild(doc.createTextNode(zulu.format(expiresDate)));
+ timestampElement.appendChild(elementExpires);
+
+ secHeader.getSecurityHeader().appendChild(timestampElement);
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+ //
+ // Do some processing
+ //
+ try {
+ verify(doc, WSSConfig.getNewInstance());
+ fail("The timestamp validation should have failed");
+ } catch (WSSecurityException ex) {
+ assertTrue(ex.getErrorCode() ==
WSSecurityException.MESSAGE_EXPIRED);
+ }
+ }
+
/**
* Verifies the soap envelope