Author: amilaj Date: Tue Feb 14 12:16:18 2012 New Revision: 1243894 URL: http://svn.apache.org/viewvc?rev=1243894&view=rev Log: Fixing issue RAMPART-357. Applying the patch provided
Modified:
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java?rev=1243894&r1=1243893&r2=1243894&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java Tue Feb 14 12:16:18 2012
@@ -196,8 +196,9 @@ public class PolicyBasedResultsValidator
 * Perform further checks on the timestamp that was transmitted in the * header. * In the following implementation the timestamp is valid if : - * Timestamp->Created < 'now' < Timestamp->Expires (Last test already handled by WSS4J) - + * Timestamp->Created < 'now' < Timestamp->Expires. + * (Last test handled by WSS4J also if timeStampStrict enabled) + * + * Note: the method verifyTimestamp(Timestamp) allows custom * implementations with other validation algorithms for subclasses. */
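Review bot: The rewritten Javadoc still states the rule as the strict chain `Timestamp->Created < 'now' < Timestamp->Expires`, but the verifyTimestamp implementation changed in the second hunk of this file widens both ends by the configured timestamp max-skew, so this comment promises a tighter check than the code enforces. Suggest spelling the tolerance out, e.g. `Created - maxSkew <= 'now' <= Expires + maxSkew, where maxSkew is RampartUtil.getTimestampMaxSkew(rmd) in seconds`. The parenthetical "(Last test handled by WSS4J also if timeStampStrict enabled)" should also state the converse that matters to operators: when timeStampStrict is off (the default this commit gives RampartConfig) verifyTimestamp is the only expiry check, which is what the comment on the method itself implies. The Javadoc block is complete within the hunk, but the method it documents lies outside it.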
@@ -648,27 +649,45 @@ public class PolicyBasedResultsValidator ((rpd.getInitiatorToken() != null && rmd.isInitiator()) || rpd.getRecipientToken() != null && !rmd.isInitiator())); } - + /* - * Verify that ts->Created is before 'now' - * - testing that timestamp has not expired ('now' is before ts->Expires) is handled earlier by WSS4J - * TODO must write unit tests - */ + * Verify whether timestamp of the message is valid. + * If timeStampStrict is enabled in rampartConfig; testing of timestamp has not expired + * ('now' is before ts->Expires) is also handled earlier by WSS4J without timeskew. + * TODO must write unit tests + */ protected boolean verifyTimestamp(Timestamp timestamp, RampartMessageData rmd) throws RampartException { + long maxSkew = RampartUtil.getTimestampMaxSkew(rmd); + + //Verify that ts->Created is before 'now' Date createdTime = timestamp.getCreated(); if (createdTime != null) { long now = Calendar.getInstance().getTimeInMillis(); - // adjust 'now' with allowed timeskew - long maxSkew = RampartUtil.getTimestampMaxSkew( rmd ); - if( maxSkew > 0 ) { + //calculate the tolerance limit for timeskew of the 'Created' in timestamp + if (maxSkew > 0) { now += (maxSkew * 1000); } - + // fail if ts->Created is after 'now' - if( createdTime.getTime() > now ) { + if (createdTime.getTime() > now) { + return false; + } + } + + //Verify that ts->Expires is after now. 
+ Date expires = timestamp.getExpires(); + + if (expires != null) { + long now = Calendar.getInstance().getTimeInMillis(); + //calculate the tolerance limit for timeskew of the 'Expires' in timestamp + if (maxSkew > 0) { + now -= (maxSkew * 1000); + } + //fail if ts->Expires is before 'now' + if (expires.getTime() < now) { return false; } }
Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java?rev=1243894&r1=1243893&r2=1243894&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java Tue Feb 14 12:16:18 2012
@@ -170,6 +170,9 @@ public class RampartMessageData {
 this.msgContext = msgCtx; try { + + // Set the WSSConfig + this.config = WSSConfig.getNewInstance(); // First obtain the axis service as we have to do a null check, there can be situations // where Axis Service is null
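Review bot: The new Expires guard subtracts `maxSkew * 1000` from 'now', so a Timestamp is still accepted up to maxSkew seconds after it expired, and since the header comment says WSS4J's own expiry check only runs when timeStampStrict is enabled (which RampartConfig defaults to false in this commit), this lenient check is now the receiver's only expiry enforcement; together with the Created allowance it extends the accepted window by maxSkew at both ends, which is a replay-window widening that the comment "calculate the tolerance limit for timeskew" does not convey. Suggest saying so where the bound is computed: `// NOTE: with timestampStrict=false this is the only expiry check; maxSkew extends the accepted window on both sides`. 'now' is also read from the wall clock separately for each check; read it once before the Created check with `final long now = System.currentTimeMillis();` and derive `now + maxSkew * 1000` and `now - maxSkew * 1000` from it so both tests see the same instant. A Timestamp whose getCreated() and getExpires() are both null passes both guards here — WSS4J may have rejected such a header earlier, but that is not visible in this hunk. verifyTimestamp's final return lies outside the hunk.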
@@ -339,27 +342,23 @@ public class RampartMessageData { msgContext.setProperty(SCT_ID, outMsgCtx.getProperty(SCT_ID)); } } - - // Check whether RampartConfig is present - if (this.policyData != null && this.policyData.getRampartConfig() != null) { - - boolean timestampPrecisionInMilliseconds = Boolean.valueOf(this.policyData - .getRampartConfig().getTimestampPrecisionInMilliseconds()).booleanValue(); - - // This is not the default behavior, we clone the default WSSConfig to prevent this - // affecting globally - if (timestampPrecisionInMilliseconds == WSSConfig.getNewInstance() - .isPrecisionInMilliSeconds()) { - this.config = WSSConfig.getNewInstance(); - } else { - this.config = RampartUtil.getWSSConfigInstance(); - this.config.setPrecisionInMilliSeconds(timestampPrecisionInMilliseconds); - } - } else { - this.config = WSSConfig.getNewInstance(); - } - - // To handle scenarios where password type is not set by default. + + // Check whether RampartConfig is present + if (this.policyData != null && this.policyData.getRampartConfig() != null) { + + boolean timestampPrecisionInMilliseconds = this.policyData + .getRampartConfig().isDefaultTimestampPrecisionInMs(); + boolean timestampStrict = this.policyData.getRampartConfig().isTimeStampStrict(); + + + // We do not need earlier logic as now WSS4J returns a new instance of WSSConfig, rather + // than a singleton instance. Therefore modifying logic as follows, + this.config.setTimeStampStrict(timestampStrict); + this.config.setPrecisionInMilliSeconds(timestampPrecisionInMilliseconds); + + } + + // To handle scenarios where password type is not set by default. 
this.config.setHandleCustomPasswordTypes(true); if (axisService != null) {
Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java?rev=1243894&r1=1243893&r2=1243894&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java Tue Feb 14 12:16:18 2012
@@ -154,6 +154,12 @@ public class RampartConfigBuilder implem
 rampartConfig.setOptimizeParts(config); } + childElement = element.getFirstChildWithName(new QName( + RampartConfig.NS, RampartConfig.TIMESTAMP_STRICT_LN)); + if (childElement != null) { + rampartConfig.setTimeStampStrict(childElement.getText().trim()); + } + return rampartConfig; }
Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java?rev=1243894&r1=1243893&r2=1243894&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java Tue Feb 14 12:16:18 2012
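Review bot: `this.config.setTimeStampStrict(timestampStrict)` is applied unconditionally whenever a RampartConfig assertion is present, using a field that RampartConfig defaults to false in this same commit, so any policy carrying a `<ramp:RampartConfig>` element — even one that never mentions timestampStrict — overwrites whatever strictness the fresh WSSConfig from `getNewInstance()` started with, while a policy without RampartConfig keeps WSS4J's default; the two paths can end up with different expiry enforcement for no visible reason. If WSS4J's own default for timeStampStrict is true (it is in the 1.6 line; confirm against the version Rampart bundles), this silently relaxes expiry checking for every existing deployment that uses a RampartConfig. Either make RampartConfig's default match WSS4J's, or only call setTimeStampStrict when the element was actually configured, and say which in place of the changelog-style "We do not need earlier logic as now WSS4J returns a new instance" remark, e.g. `// Mirror the policy's timestampStrict into WSS4J; this decides whether WSS4J itself rejects expired Timestamps`. The constructor containing this code starts and ends outside the hunk.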
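Review bot: The new `timestampStrict` element is looked up and forwarded with `rampartConfig.setTimeStampStrict(childElement.getText().trim())` without any comment on what it switches; nothing in this builder says the value ends up in WSSConfig#setTimeStampStrict, where (per the RampartMessageData change in this commit) it decides whether WSS4J itself rejects an expired Timestamp. Suggest a short comment above the lookup: `// <ramp:timestampStrict>: forwarded to WSSConfig#setTimeStampStrict; when false only Rampart's skew-tolerant expiry check in PolicyBasedResultsValidator applies`. Note also that the setter this calls goes through Boolean.valueOf, so every unrecognised spelling ("yes", "1", a typo) silently selects the lenient mode rather than failing policy load; for a security switch the raw text should be validated, either here or in the setter. The enclosing build method starts outside the hunk.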
@@ -106,6 +106,8 @@ public class RampartConfig implements As
 public final static String TOKEN_STORE_CLASS_LN = "tokenStoreClass"; + public final static String TIMESTAMP_STRICT_LN = "timestampStrict"; + public final static String NONCE_LIFE_TIME = "nonceLifeTime"; public final static String OPTIMISE_PARTS = "optimizeParts";
@@ -135,6 +137,7 @@ public class RampartConfig implements As
 private CryptoConfig stsCryptoConfig; private String timestampPrecisionInMilliseconds = Boolean.toString(DEFAULT_TIMESTAMP_PRECISION_IN_MS); + private boolean isTimestampPrecisionInMs = DEFAULT_TIMESTAMP_PRECISION_IN_MS; private String timestampTTL = Integer.toString(DEFAULT_TIMESTAMP_TTL);
@@ -147,6 +150,9 @@ public class RampartConfig implements As
 private String nonceLifeTime = Integer.toString(DEFAULT_NONCE_LIFE_TIME); private SSLConfig sslConfig; + + /*To set timeStampStrict in WSSConfig through rampartConfig - default value is false*/ + private boolean timeStampStrict = false; public SSLConfig getSSLConfig() { return sslConfig;
@@ -326,15 +332,13 @@ public class RampartConfig implements As
 if (getRampartConfigCbClass() != null) { writer.writeStartElement(NS, RAMPART_CONFIG_CB_CLASS_LN); writer.writeCharacters(getRampartConfigCbClass()); - writer.writeEndElement(); - } - - if (getTimestampPrecisionInMilliseconds() != null) { - writer.writeStartElement(NS, TS_PRECISION_IN_MS_LN); - writer.writeCharacters(getTimestampPrecisionInMilliseconds()); writer.writeEndElement(); } - + + writer.writeStartElement(NS, TS_PRECISION_IN_MS_LN); + writer.writeCharacters(Boolean.toString(isDefaultTimestampPrecisionInMs())); + writer.writeEndElement(); + if (getTimestampTTL() != null) { writer.writeStartElement(NS, TS_TTL_LN); writer.writeCharacters(getTimestampTTL());
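Review bot: In the `@@ -147,6 +150,9 @@` hunk, `private boolean timeStampStrict = false;` makes the relaxed mode the default for every RampartConfig, and RampartMessageData in this commit copies the field into WSSConfig whenever a RampartConfig is present, so WSS4J's own rejection of expired Timestamps is off unless an operator opts in; for a check whose purpose is to bound replay, the safer default is on, with operators opting out. If WSS4J's default for this flag is true (confirm against the bundled version), change the line to `private boolean timeStampStrict = true;` and replace the comment with `/* Mirrors WSSConfig#setTimeStampStrict; true by default so WSS4J also rejects expired Timestamps, not only Rampart's skew-tolerant check */`. The class body continues outside the hunk.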
@@ -347,6 +351,10 @@ public class RampartConfig implements As
 writer.writeEndElement(); } + writer.writeStartElement(NS, TIMESTAMP_STRICT_LN); + writer.writeCharacters(Boolean.toString(isTimeStampStrict())); + writer.writeEndElement(); + if (getTokenStoreClass() != null) { writer.writeStartElement(NS, TOKEN_STORE_CLASS_LN); writer.writeCharacters(getTokenStoreClass());
@@ -396,12 +404,26 @@ public class RampartConfig implements As
 return Constants.TYPE_ASSERTION; } + /** + * @deprecated As of version 1.7.0, replaced by isDefaultTimestampPrecisionInMs + * @see #isDefaultTimestampPrecisionInMs() + * @return Returns "true" or "false". + */ + @Deprecated public String getTimestampPrecisionInMilliseconds() { return timestampPrecisionInMilliseconds; } + + public boolean isDefaultTimestampPrecisionInMs() { + return this.isTimestampPrecisionInMs; + } public void setTimestampPrecisionInMilliseconds(String timestampPrecisionInMilliseconds) { - this.timestampPrecisionInMilliseconds = timestampPrecisionInMilliseconds; + + if (timestampPrecisionInMilliseconds != null) { + this.timestampPrecisionInMilliseconds = timestampPrecisionInMilliseconds; + this.isTimestampPrecisionInMs = Boolean.valueOf(timestampPrecisionInMilliseconds); + } }
@@ -457,5 +479,13 @@ public class RampartConfig implements As
 public void setStsCryptoConfig(CryptoConfig stsCryptoConfig) { this.stsCryptoConfig = stsCryptoConfig; } + + public boolean isTimeStampStrict() { + return timeStampStrict; + } + + public void setTimeStampStrict(String timeStampStrict) { + this.timeStampStrict = Boolean.valueOf(timeStampStrict); + } }
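Review bot: In the `@@ -396,12 +404,26 @@` hunk the new public accessor `isDefaultTimestampPrecisionInMs()` has no Javadoc, and its name reads as if it returned the compile-time default rather than the configured value; since the deprecated getter points readers at it, it should carry at least `/** Whether outgoing Timestamps use millisecond precision; the configured value, not DEFAULT_TIMESTAMP_PRECISION_IN_MS. Replaces {@link #getTimestampPrecisionInMilliseconds()}. */`. The setter change is also a quiet behaviour change: `setTimestampPrecisionInMilliseconds(null)` previously stored null and the old serialisation code checked for it, whereas now a null argument is ignored and the previous value stays — worth a line in the setter comment so callers relying on null as "reset" are not surprised. Keeping both a String and a boolean field for one setting means the two can only stay consistent through this setter; a `@see` from the deprecated getter to the new boolean and a note that the String is retained solely for the deprecated getter would make that intent explicit. The class body continues outside the hunk.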
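Review bot: In the `@@ -457,5 +479,13 @@` hunk, `setTimeStampStrict(String)` uses `Boolean.valueOf`, which returns false for every input except a case-insensitive "true" — "yes", "1", "ture" or null all silently select the lenient mode, and because this flag decides whether WSS4J rejects expired Timestamps a configuration typo turns a security check off without any error. The setter should accept only an explicit true/false and reject anything else at policy-load time; this does change the current silent handling of null into an exception, which the Javadoc should state. A getter/setter pair with a boolean getter and a String setter is also asymmetric; a `@param` on the setter documenting the accepted spellings would help until a boolean overload exists. The class ends with this hunk.

```java
public void setTimeStampStrict(String timeStampStrict) {
    // Reject anything but an explicit true/false: Boolean.valueOf would silently
    // map a typo (or null) to the lenient, non-strict mode.
    if (!"true".equalsIgnoreCase(timeStampStrict) && !"false".equalsIgnoreCase(timeStampStrict)) {
        throw new IllegalArgumentException(
                TIMESTAMP_STRICT_LN + " must be 'true' or 'false', got: " + timeStampStrict);
    }
    this.timeStampStrict = Boolean.parseBoolean(timeStampStrict);
}
```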