Adjusting the clock would probably be harder. I'm on a big government network and that is out of my control. I ran time.is from my computer, varies from + .005 seconds to +.128 second.
-----Original Message----- From: Colm O hEigeartaigh <[email protected]> Sent: Monday, April 26, 2021 1:38 AM To: [email protected] Subject: Re: Adjust cxf client timestamp start time to fix incorrect timestamp soapfault from DataPower Think twice before clicking on links or opening attachments. This email came from outside our organization and might not be safe. If you are not expecting an attachment, contact the sender before opening it. Hi, It's not easily possible to change the "created" timestamp on the outbound side. I suggest instead you sync your system clock so that it is correct. Colm. On Wed, Apr 21, 2021 at 8:26 PM Wilken Marci J <[email protected]> wrote: > > > Is it possible to adjust the start time of a timestamp by a few second on a > CXF client? > > I am using the apache camel cxf component from Redhat > 2.21.0.fuse-730078-redhat-00001. > I am making a call to the partner Data Power server that requires a timestamp > for. It is working about 75% of the time. When it doesn't work I get this > error back > Response-Code: 500 > Encoding: ISO-8859-1 > Content-Type: text/xml > Headers: {Connection=[close], Content-Type=[text/xml], > X-Backside-Transport=[FAIL FAIL]} > Payload: <?xml version="1.0" encoding="UTF-8"?> <env:Envelope > xmlns:env="http://schemas.xmlsoap.org/soap/envelope/";><env:Body><env:Fault><faultcode>env:Client</faultcode><faultstring> > Incorrect Timestamp > (from > client)</faultstring></env:Fault></env:Body></env:Envelope> > > According to the partner this is because my time stamp is future dated, > because our system time is slightly ahead of their time. Their suggestion is > to adjust my timestamp by a second but I haven't been able to locate any > thing I could set on the client side . > > I did find this but it would be server side not client side. > ws-security.timestamp.futureTimeToLive The time in seconds in the future > within which the Created time of an incoming Timestamp is valid. The default > value is "60". See here for more information. > This is my configuration > > <cxf:cxfEndpoint > > address="{{mci.ws.protocol}}://{{mci.ws.domain}}:{{mci.ws.port}}/{{mci.ws.service}}" > id="serviceEndPoint" serviceClass="mci.hbe.ky.IMciService" > wsdlURL="wsdl/MciService_stl2_2020.05.20.wsdl" > xmlns:s="http://Ky.Hbe.Mci";> > <cxf:inInterceptors> > <ref bean="loggingInInterceptor"/> > </cxf:inInterceptors> > <cxf:outInterceptors> > <ref bean="loggingOutInterceptor"/> > </cxf:outInterceptors> > <cxf:inFaultInterceptors> > <ref bean="loggingInInterceptor"/> > </cxf:inFaultInterceptors> > <cxf:outFaultInterceptors> > <ref bean="loggingOutInterceptor"/> > </cxf:outFaultInterceptors> > <cxf:properties> > <entry key="ws-security.timestamp.timeToLive" value="600"/> > <entry key="ws-security.timestamp.futureTimeToLive " value="60"/> > <entry key="hostnameverifier" value="hostnameVerifier"/> > <entry key="ws-security.must-understand" value="false"/> > <entry key="ws-security.enable.timestamp" value="true"/> > <entry key="ws-security.enable.timestamp.cache" value="false"/> > <entry key="loggingFeatureEnabled" value="true"/> > </cxf:properties> > </cxf:cxfEndpoint> > <http-conf:conduit > name="{https://urldefense.com/v3/__http://Ky.Hbe.Mci*7DMciBasicHttpEndpoint.http-conduit__;JQ!!OxGzbBZ6!MV8AhOcZXx7eqNckweQHL4c93CbTVGnw_nlLT0IiM7lXPuXym2wLxVO1zgxa9kSzvjv77k7nTz-n$ > "> > <http-conf:client AllowChunking="false" Connection="Keep-Alive" > ConnectionTimeout="30000" MaxRetransmits="4" > ReceiveTimeout="15000"/> > <http-conf:tlsClientParameters disableCNCheck="false"> > <sec:keyManagers keyPassword="${server.keymanager.password}"> > <sec:keyStore password="${server.keystore.password}" > > resource="${jboss.home.dir}\opts\certs\${server.keystore}" type="JKS"/> > </sec:keyManagers> > <sec:trustManagers> > <sec:keyStore password="${server.truststore.password}" > > resource="${jboss.home.dir}\opts\certs\${server.truststore}" type="JKS"/> > </sec:trustManagers> > <sec:cipherSuites> > > <sec:cipherSuite>TLS_RSA_WITH_AES_256_CBC_SHA</sec:cipherSuite> > </sec:cipherSuites> > <sec:cipherSuitesFilter> > <sec:include>.*_EXPORT_.*</sec:include> > <sec:include>.*_EXPORT1024_.*</sec:include> > <sec:include>.*_WITH_DES_.*</sec:include> > <sec:exclude>.*WITH_NULL.*</sec:exclude> > <sec:exclude>.*DH_anon.*</sec:exclude> > </sec:cipherSuitesFilter> > </http-conf:tlsClientParameters> > </http-conf:conduit> > > > Thanks Marci
