Author: werner
Date: Thu Nov 17 06:17:19 2005
New Revision: 345243

URL: http://svn.apache.org/viewcvs?rev=345243&view=rev
Log:
Some fixes to make timestamp handling more compliant

to WSS specification (optional fields, exception only

if timestampStrict=true)

Modified:
    webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
    
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java
    
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/Timestamp.java
    
webservices/wss4j/trunk/src/org/apache/ws/security/processor/TimestampProcessor.java

Modified: 
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
URL: 
http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java?rev=345243&r1=345242&r2=345243&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java 
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java 
Thu Nov 17 06:17:19 2005
@@ -219,6 +219,7 @@
         WSSConfig wssConfig = WSSConfig.getNewInstance();
         wssConfig
            
.setEnableSignatureConfirmation(decodeEnableSignatureConfirmation(reqData));
+        wssConfig.setTimeStampStrict(decodeTimestampStrict(reqData));
         reqData.setWssConfig(wssConfig);
 
         if ((doAction & WSConstants.SIGN) == WSConstants.SIGN) {
@@ -527,6 +528,22 @@
        throw new WSSecurityException(
                   "WSHandler: illegal precisionInMilliSeconds parameter");
     }
+
+    protected boolean decodeTimestampStrict(RequestData reqData) 
+       throws WSSecurityException {
+        boolean precisionInMilliSeconds = true;
+        String value = getString(WSHandlerConstants.TIMESTAMP_STRICT,
+                                reqData.getMsgContext());
+
+        if (value == null) {return true;}
+
+       if ("0".equals(value) || "false".equals(value)) {return false;} 
+       if ("1".equals(value) || "true".equals(value)) {return true;}
+
+       throw new WSSecurityException(
+                  "WSHandler: illegal timestampStrict parameter");
+    }
+
 
     /**
      * Get a password to construct a UsernameToken or sign a message.
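Review bot: The local `boolean precisionInMilliSeconds = true;` at the top of decodeTimestampStrict is never read and looks like a leftover from the precision decoder above it; it should be removed. The method also has no Javadoc recording that a missing parameter falls back to strict handling (`if (value == null) {return true;}`), which is the fail-closed choice and worth stating so it is not relaxed by accident, e.g. `/** Decodes timestampStrict; defaults to true (strict) when the parameter is not set. */`. The comparison is case-sensitive, so values such as `True` or `FALSE` end in the "illegal timestampStrict parameter" exception; say so in the Javadoc or compare with `equalsIgnoreCase`.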

Modified: 
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java
URL: 
http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java?rev=345243&r1=345242&r2=345243&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java
 (original)
+++ 
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java
 Thu Nov 17 06:17:19 2005
@@ -660,7 +660,17 @@
      * Should timestamps have precision in milliseconds
      */
     public static final String TIMESTAMP_PRECISION = "precisionInMilliseconds";
-
+    
+    /**
+     * Set the value of this parameter to true to enable strict timestamp
+     * handling.
+     * 
+     * Strict Timestamp handling: throw an exception if a Timestamp contains
+     * an <code>Expires</code> element and the semantics of the request are
+     * expired, i.e. the current time at the receiver is past the expires 
time. 
+     */
+    public static final String TIMESTAMP_STRICT = "timestampStrict";
+    
     /**
      * Define the parameter values to set the key identifier types. These are:
      * <ul>
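Review bot: The Javadoc added for TIMESTAMP_STRICT does not state the default or the accepted values, although decodeTimestampStrict in WSHandler.java treats a missing parameter as true and accepts only `0`, `false`, `1` and `true`. It also does not say what the receiver does with an expired message when the value is false; going by the commit log the message is presumably accepted, which would leave freshness and replay protection to other controls. Once that behaviour is confirmed I would add a sentence such as `Defaults to true. If set to false, an expired Timestamp does not cause an exception.`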

Modified: 
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/Timestamp.java
URL: 
http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/Timestamp.java?rev=345243&r1=345242&r2=345243&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/Timestamp.java 
(original)
+++ 
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/Timestamp.java 
Thu Nov 17 06:17:19 2005
@@ -65,11 +65,8 @@
         
         customElements = new Vector();
 
-        String strCreated = "";
-        String strExpires = "";
-
-        created = Calendar.getInstance();
-        expires = Calendar.getInstance();
+        String strCreated = null;
+        String strExpires = null;
 
         for (Node currentChild = element.getFirstChild();
              currentChild != null;
@@ -77,10 +74,22 @@
             if (currentChild instanceof Element) {
                 if (WSConstants.CREATED_LN.equals(currentChild.getLocalName()) 
&&
                         
WSConstants.WSU_NS.equals(currentChild.getNamespaceURI())) {
-                    strCreated = ((Text) ((Element) 
currentChild).getFirstChild()).getData();
+                       if (strCreated == null) {
+                               strCreated = ((Text) ((Element) 
currentChild).getFirstChild()).getData();
+                       }
+                       else {
+                        throw new 
WSSecurityException(WSSecurityException.INVALID_SECURITY,
+                                "invalidTimestamp");
+                       }
                 } else if 
(WSConstants.EXPIRES_LN.equals(currentChild.getLocalName()) &&
                         
WSConstants.WSU_NS.equals(currentChild.getNamespaceURI())) {
-                    strExpires = ((Text) ((Element) 
currentChild).getFirstChild()).getData();
+                       if (strExpires == null) {
+                               strExpires = ((Text) ((Element) 
currentChild).getFirstChild()).getData();
+                       }
+                       else {
+                        throw new 
WSSecurityException(WSSecurityException.INVALID_SECURITY,
+                        "invalidTimestamp");                           
+                       }
                 } else {
                     customElements.add((Element) currentChild);
                 }
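Review bot: Both new branches (`strCreated == null` and `strExpires == null`) still evaluate `((Text) ((Element) currentChild).getFirstChild()).getData()`, which throws NullPointerException for an empty Created or Expires element and ClassCastException when the first child is not a text node. The element comes from the incoming message, so malformed input escapes as an unchecked exception instead of the `invalidTimestamp` fault this hunk introduces for duplicates. Checking the child first keeps the failure mode uniform, e.g. `Node first = currentChild.getFirstChild();` followed by `if (!(first instanceof Text)) { throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "invalidTimestamp"); }`. The enclosing method or constructor starts and ends outside this hunk.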
@@ -90,8 +99,14 @@
         DateFormat zulu = new XmlSchemaDateFormat();;
         
         try {
-            created.setTime(zulu.parse(strCreated));
-            expires.setTime(zulu.parse(strExpires));
+               if (strCreated != null) {
+                created = Calendar.getInstance();
+                       created.setTime(zulu.parse(strCreated));
+               }
+               if (strExpires != null) {
+                expires = Calendar.getInstance();
+                       expires.setTime(zulu.parse(strExpires));
+               }
         } catch (ParseException e) {
             throw new WSSecurityException(WSSecurityException.INVALID_SECURITY,
                     "invalidTimestamp",
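Review bot: Because `created` and `expires` are now assigned only inside the `strCreated != null` / `strExpires != null` guards, both fields stay null when the element is absent, so the accessors used by TimestampProcessor (`getCreated()`, `getExpires()`, defined outside this hunk) can return null. That is a contract change and deserves a comment here and on the getters, e.g. `// created/expires remain null when the optional element is absent`. TimestampProcessor gets the matching null checks in this commit, but any other caller that dereferences the result would need the same guard.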

Modified: 
webservices/wss4j/trunk/src/org/apache/ws/security/processor/TimestampProcessor.java
URL: 
http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/processor/TimestampProcessor.java?rev=345243&r1=345242&r2=345243&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/src/org/apache/ws/security/processor/TimestampProcessor.java
 (original)
+++ 
webservices/wss4j/trunk/src/org/apache/ws/security/processor/TimestampProcessor.java
 Thu Nov 17 06:17:19 2005
@@ -52,22 +52,33 @@
     }

 

     public void handleTimestamp(Timestamp timestamp) throws 
WSSecurityException {

-        if (log.isDebugEnabled()) {

-            log.debug("Preparing to verify the timestamp");

+               if (log.isDebugEnabled()) {

+                       log.debug("Preparing to verify the timestamp");

 

-            DateFormat zulu = new XmlSchemaDateFormat();

+                       DateFormat zulu = new XmlSchemaDateFormat();

 

-            log.debug("Current time: " + 
zulu.format(Calendar.getInstance().getTime()));

-            log.debug("Timestamp created: " + 
zulu.format(timestamp.getCreated().getTime()));

-            log.debug("Timestamp expires: " + 
zulu.format(timestamp.getExpires().getTime()));

-        }

+                       log.debug("Current time: "

+                                       + 
zulu.format(Calendar.getInstance().getTime()));

+                       if (timestamp.getCreated() != null) {

+                               log.debug("Timestamp created: "

+                                               + 
zulu.format(timestamp.getCreated().getTime()));

+                       }

+                       if (timestamp.getExpires() != null) {

+                               log.debug("Timestamp expires: "

+                                               + 
zulu.format(timestamp.getExpires().getTime()));

+                       }

+               }

 

-        // Validate whether the security semantics have expired

-        Calendar rightNow = Calendar.getInstance();

-        if (timestamp.getExpires().before(rightNow)) {

-            throw new 
WSSecurityException(WSSecurityException.INVALID_SECURITY, "invalidTimestamp", 
new Object[]{"The security semantics of message have expired"});

-        }

+               // Validate whether the security semantics have expired

+               Calendar rightNow = Calendar.getInstance();

+               Calendar exp = timestamp.getExpires();

+               if (exp != null && exp.before(rightNow)) {

+                       throw new WSSecurityException(

+                                       WSSecurityException.INVALID_SECURITY,

+                                       "invalidTimestamp",

+                                       new Object[] { "The security semantics 
of message have expired" });

+               }

 

-        return;

-    }

+               return;

+       }

 }
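Review bot: With `exp != null && exp.before(rightNow)`, a Timestamp that carries no Expires element passes handleTimestamp without any freshness check, and Created is only written to the debug log, never validated. When Expires is absent it would be safer to reject a Created value that is older than a configured maximum age or lies in the future, so that omitting the optional element cannot be used to sidestep the expiry test. Separately, the commit log says the exception is raised only if timestampStrict=true, but nothing in this body reads that setting; unless the caller (outside this hunk) gates the call, the flag has no effect on this path.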



