ws-wss4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wer...@apache.org
Subject svn commit: r345243 - in /webservices/wss4j/trunk/src/org/apache/ws/security: handler/WSHandler.java handler/WSHandlerConstants.java message/token/Timestamp.java processor/TimestampProcessor.java
Date Thu, 17 Nov 2005 14:17:27 GMT
Author: werner
Date: Thu Nov 17 06:17:19 2005
New Revision: 345243

URL: http://svn.apache.org/viewcvs?rev=345243&view=rev
Log:
Some fixes to make timestamp handling more compliant
to WSS specification (optional fields, exeption only
if timestampStrict=true)

Modified:
    webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
    webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java
    webservices/wss4j/trunk/src/org/apache/ws/security/message/token/Timestamp.java
    webservices/wss4j/trunk/src/org/apache/ws/security/processor/TimestampProcessor.java

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java?rev=345243&r1=345242&r2=345243&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java Thu Nov 17 06:17:19
2005
@@ -219,6 +219,7 @@
         WSSConfig wssConfig = WSSConfig.getNewInstance();
         wssConfig
 	    .setEnableSignatureConfirmation(decodeEnableSignatureConfirmation(reqData));
+        wssConfig.setTimeStampStrict(decodeTimestampStrict(reqData));
         reqData.setWssConfig(wssConfig);
 
         if ((doAction & WSConstants.SIGN) == WSConstants.SIGN) {
@@ -527,6 +528,22 @@
 	throw new WSSecurityException(
 		   "WSHandler: illegal precisionInMilliSeconds parameter");
     }
+
+    protected boolean decodeTimestampStrict(RequestData reqData) 
+	throws WSSecurityException {
+        boolean precisionInMilliSeconds = true;
+        String value = getString(WSHandlerConstants.TIMESTAMP_STRICT,
+				 reqData.getMsgContext());
+
+        if (value == null) {return true;}
+
+	if ("0".equals(value) || "false".equals(value)) {return false;} 
+	if ("1".equals(value) || "true".equals(value)) {return true;}
+
+	throw new WSSecurityException(
+		   "WSHandler: illegal timestampStrict parameter");
+    }
+
 
     /**
      * Get a password to construct a UsernameToken or sign a message.

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java?rev=345243&r1=345242&r2=345243&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandlerConstants.java Thu
Nov 17 06:17:19 2005
@@ -660,7 +660,17 @@
      * Should timestamps have precision in milliseconds
      */
     public static final String TIMESTAMP_PRECISION = "precisionInMilliseconds";
-
+    
+    /**
+     * Set the value of this parameter to true to enable strict timestamp
+     * handling.
+     * 
+     * Strict Timestamp handling: throw an exception if a Timestamp contains
+     * an <code>Expires</code> element and the semantics of the request are
+     * expired, i.e. the current time at the receiver is past the expires time. 
+     */
+    public static final String TIMESTAMP_STRICT = "timestampStrict";
+    
     /**
      * Define the parameter values to set the key identifier types. These are:
      * <ul>

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/token/Timestamp.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/Timestamp.java?rev=345243&r1=345242&r2=345243&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/token/Timestamp.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/token/Timestamp.java Thu Nov
17 06:17:19 2005
@@ -65,11 +65,8 @@
         
         customElements = new Vector();
 
-        String strCreated = "";
-        String strExpires = "";
-
-        created = Calendar.getInstance();
-        expires = Calendar.getInstance();
+        String strCreated = null;
+        String strExpires = null;
 
         for (Node currentChild = element.getFirstChild();
              currentChild != null;
@@ -77,10 +74,22 @@
             if (currentChild instanceof Element) {
                 if (WSConstants.CREATED_LN.equals(currentChild.getLocalName()) &&
                         WSConstants.WSU_NS.equals(currentChild.getNamespaceURI())) {
-                    strCreated = ((Text) ((Element) currentChild).getFirstChild()).getData();
+                	if (strCreated == null) {
+                		strCreated = ((Text) ((Element) currentChild).getFirstChild()).getData();
+                	}
+                	else {
+                        throw new WSSecurityException(WSSecurityException.INVALID_SECURITY,
+                                "invalidTimestamp");
+                	}
                 } else if (WSConstants.EXPIRES_LN.equals(currentChild.getLocalName()) &&
                         WSConstants.WSU_NS.equals(currentChild.getNamespaceURI())) {
-                    strExpires = ((Text) ((Element) currentChild).getFirstChild()).getData();
+                	if (strExpires == null) {
+                		strExpires = ((Text) ((Element) currentChild).getFirstChild()).getData();
+                	}
+                	else {
+                        throw new WSSecurityException(WSSecurityException.INVALID_SECURITY,
+                        "invalidTimestamp");                		
+                	}
                 } else {
                     customElements.add((Element) currentChild);
                 }
@@ -90,8 +99,14 @@
         DateFormat zulu = new XmlSchemaDateFormat();;
         
         try {
-            created.setTime(zulu.parse(strCreated));
-            expires.setTime(zulu.parse(strExpires));
+        	if (strCreated != null) {
+                created = Calendar.getInstance();
+        		created.setTime(zulu.parse(strCreated));
+        	}
+        	if (strExpires != null) {
+                expires = Calendar.getInstance();
+        		expires.setTime(zulu.parse(strExpires));
+        	}
         } catch (ParseException e) {
             throw new WSSecurityException(WSSecurityException.INVALID_SECURITY,
                     "invalidTimestamp",

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/TimestampProcessor.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/processor/TimestampProcessor.java?rev=345243&r1=345242&r2=345243&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/TimestampProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/TimestampProcessor.java Thu
Nov 17 06:17:19 2005
@@ -52,22 +52,33 @@
     }
 
     public void handleTimestamp(Timestamp timestamp) throws WSSecurityException {
-        if (log.isDebugEnabled()) {
-            log.debug("Preparing to verify the timestamp");
+		if (log.isDebugEnabled()) {
+			log.debug("Preparing to verify the timestamp");
 
-            DateFormat zulu = new XmlSchemaDateFormat();
+			DateFormat zulu = new XmlSchemaDateFormat();
 
-            log.debug("Current time: " + zulu.format(Calendar.getInstance().getTime()));
-            log.debug("Timestamp created: " + zulu.format(timestamp.getCreated().getTime()));
-            log.debug("Timestamp expires: " + zulu.format(timestamp.getExpires().getTime()));
-        }
+			log.debug("Current time: "
+					+ zulu.format(Calendar.getInstance().getTime()));
+			if (timestamp.getCreated() != null) {
+				log.debug("Timestamp created: "
+						+ zulu.format(timestamp.getCreated().getTime()));
+			}
+			if (timestamp.getExpires() != null) {
+				log.debug("Timestamp expires: "
+						+ zulu.format(timestamp.getExpires().getTime()));
+			}
+		}
 
-        // Validate whether the security semantics have expired
-        Calendar rightNow = Calendar.getInstance();
-        if (timestamp.getExpires().before(rightNow)) {
-            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "invalidTimestamp",
new Object[]{"The security semantics of message have expired"});
-        }
+		// Validate whether the security semantics have expired
+		Calendar rightNow = Calendar.getInstance();
+		Calendar exp = timestamp.getExpires();
+		if (exp != null && exp.before(rightNow)) {
+			throw new WSSecurityException(
+					WSSecurityException.INVALID_SECURITY,
+					"invalidTimestamp",
+					new Object[] { "The security semantics of message have expired" });
+		}
 
-        return;
-    }
+		return;
+	}
 }



---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Mime
View raw message