svn commit: r1703134 - in /webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src: main/java/org/apache/wss4j/dom/validate/TimestampValidator.java test/java/org/apache/wss4j/dom/misc/FaultCodeTest.java

Tue, 15 Sep 2015 02:48:46 -0700 

Author: coheigea
Date: Tue Sep 15 09:48:10 2015
New Revision: 1703134

URL: http://svn.apache.org/r1703134
Log:
[WSS-554] - Improved error message for timestamp in the future

Modified:
    
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/TimestampValidator.java
    
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/misc/FaultCodeTest.java

Modified: 
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/TimestampValidator.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/TimestampValidator.java?rev=1703134&r1=1703133&r2=1703134&view=diff
==============================================================================
--- 
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/TimestampValidator.java
 (original)
+++ 
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/TimestampValidator.java
 Tue Sep 15 09:48:10 2015
@@ -57,13 +57,21 @@ public class TimestampValidator implemen
         }
         
         Timestamp timeStamp = credential.getTimestamp();
-        // Validate whether the security semantics have expired
-        if (timeStampStrict && timeStamp.isExpired()
-            || !timeStamp.verifyCreated(timeStampTTL, futureTimeToLive)) {
+        
+        // See if the Timestamp has expired
+        if (timeStampStrict && timeStamp.isExpired()) {
+            throw new WSSecurityException(
+                WSSecurityException.ErrorCode.MESSAGE_EXPIRED,
+                "invalidTimestamp",
+                new Object[] {"The message timestamp has expired"});
+        }
+        
+        // Validate the Created date
+        if (!timeStamp.verifyCreated(timeStampTTL, futureTimeToLive)) {
             throw new WSSecurityException(
                 WSSecurityException.ErrorCode.MESSAGE_EXPIRED,
                 "invalidTimestamp",
-                new Object[] {"The security semantics of the message have 
expired"});
+                new Object[] {"The message timestamp is out of range"});
         }
         
         if (data.isRequireTimestampExpires() && timeStamp.getExpires() == 
null) {

Modified: 
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/misc/FaultCodeTest.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/misc/FaultCodeTest.java?rev=1703134&r1=1703133&r2=1703134&view=diff
==============================================================================
--- 
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/misc/FaultCodeTest.java
 (original)
+++ 
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/misc/FaultCodeTest.java
 Tue Sep 15 09:48:10 2015
@@ -125,7 +125,7 @@ public class FaultCodeTest extends org.j
             fail("Failure expected on an expired message");
         } catch (WSSecurityException ex) {
             assertTrue(ex.getErrorCode() == 
WSSecurityException.ErrorCode.MESSAGE_EXPIRED);
-            assertEquals("Invalid timestamp: The security semantics of the 
message have expired", ex.getMessage());
+            assertEquals("Invalid timestamp: The message timestamp has 
expired", ex.getMessage());
             QName faultCode = new QName(WSConstants.WSSE_NS, "MessageExpired");
             assertTrue(ex.getFaultCode().equals(faultCode));
         }

Reply via email to