From cohei...@apache.org
Subject svn commit: r1052477 - in /webservices/wss4j/trunk/src: main/java/org/apache/ws/security/message/token/Timestamp.java test/java/org/apache/ws/security/message/TimestampTest.java
Date Fri, 24 Dec 2010 10:41:15 GMT
Author: coheigea
Date: Fri Dec 24 10:41:15 2010
New Revision: 1052477

URL: http://svn.apache.org/viewvc?rev=1052477&view=rev
Log:
[WSS-262] - A fix for accepting Timestamps that are in the future.

Modified:
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/Timestamp.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/TimestampTest.java

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/Timestamp.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/Timestamp.java?rev=1052477&r1=1052476&r2=1052477&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/Timestamp.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/Timestamp.java
Fri Dec 24 10:41:15 2010
@@ -257,7 +257,7 @@ public class Timestamp {
     
     /**
      * Return true if the "Created" value is before the current time minus the timeToLive
-     * argument.
+     * argument, and if the Created value is not "in the future".
      * 
      * @param timeToLive
      *            the limit on the receivers' side, that the timestamp is validated against
@@ -266,8 +266,16 @@ public class Timestamp {
     public boolean verifyCreated(
         int timeToLive
     ) {
-        // Calculate the time that is allowed for the message to travel
         Date validCreation = new Date();
+        // Check to see if the created time is in the future
+        if (createdDate != null && createdDate.after(validCreation)) {
+            if (LOG.isDebugEnabled()) {
+                LOG.debug("Validation of Timestamp: The message was created in the future!");
+            }
+            return false;
+        }
+        
+        // Calculate the time that is allowed for the message to travel
         long currentTime = validCreation.getTime() - timeToLive * 1000;
         validCreation.setTime(currentTime);
 
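Review bot: The new future check `createdDate.after(validCreation)` compares against the receiver's clock with no tolerance, so a sender whose clock runs even slightly ahead will have every message rejected. Consider allowing a small, configurable skew, e.g. `if (createdDate != null && createdDate.getTime() > validCreation.getTime() + futureSkewMillis)`, where `futureSkewMillis` is a placeholder name for a setting this hunk does not show, and keep it short so the acceptance window stays bounded. Separately, `timeToLive * 1000` a few lines below is evaluated in `int` before it is widened to `long` and overflows for large values; `timeToLive * 1000L` avoids that. When `createdDate` is null the check is skipped, and what the rest of verifyCreated does in that case lies outside the hunk.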

Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/TimestampTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/TimestampTest.java?rev=1052477&r1=1052476&r2=1052477&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/TimestampTest.java
(original)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/TimestampTest.java
Fri Dec 24 10:41:15 2010
@@ -29,8 +29,12 @@ import org.apache.ws.security.WSSecurity
 import org.apache.ws.security.common.SOAPUtil;
 import org.apache.ws.security.message.token.Timestamp;
 import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
 import org.w3c.dom.Document;
+import org.w3c.dom.Element;
 
+import java.text.DateFormat;
+import java.util.Date;
 import java.util.List;
 
 /**
@@ -170,6 +174,108 @@ public class TimestampTest extends org.j
         }  
     }
     
+    
+    /**
+     * This is a test for processing an Timestamp where the "Created" element is in the future.
+     * This Timestamp should be rejected.
+     */
+    @org.junit.Test
+    public void testFutureCreated() throws Exception {
+        
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        
+        Element timestampElement = 
+            doc.createElementNS(
+                WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" + WSConstants.TIMESTAMP_TOKEN_LN
+            );
+
+        DateFormat zulu = new XmlSchemaDateFormat();
+        Element elementCreated =
+            doc.createElementNS(
+                WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" + WSConstants.CREATED_LN
+            );
+        Date createdDate = new Date();
+        long currentTime = createdDate.getTime() + 300000;
+        createdDate.setTime(currentTime);
+        elementCreated.appendChild(doc.createTextNode(zulu.format(createdDate)));
+        timestampElement.appendChild(elementCreated);
+
+        secHeader.getSecurityHeader().appendChild(timestampElement);
+        
+        if (LOG.isDebugEnabled()) {
+            String outputString = 
+                org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+            LOG.debug(outputString);
+        }
+        //
+        // Do some processing
+        //
+        try {
+            verify(doc, WSSConfig.getNewInstance());
+            fail("The timestamp validation should have failed");
+        } catch (WSSecurityException ex) {
+            assertTrue(ex.getErrorCode() == WSSecurityException.MESSAGE_EXPIRED); 
+        }
+    }
+    
+    
+    /**
+     * This is a test for processing an Timestamp where the "Created" element is greater
than
+     * the expiration time.
+     */
+    @org.junit.Test
+    public void testExpiresBeforeCreated() throws Exception {
+        
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        
+        Element timestampElement = 
+            doc.createElementNS(
+                WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" + WSConstants.TIMESTAMP_TOKEN_LN
+            );
+
+        DateFormat zulu = new XmlSchemaDateFormat();
+        Element elementCreated =
+            doc.createElementNS(
+                WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" + WSConstants.CREATED_LN
+            );
+        Date createdDate = new Date();
+        long currentTime = createdDate.getTime() + 300000;
+        createdDate.setTime(currentTime);
+        elementCreated.appendChild(doc.createTextNode(zulu.format(createdDate)));
+        timestampElement.appendChild(elementCreated);
+        
+        Date expiresDate = new Date();
+        expiresDate.setTime(expiresDate.getTime() -300000);
+
+        Element elementExpires =
+            doc.createElementNS(
+                WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" + WSConstants.EXPIRES_LN
+            );
+        elementExpires.appendChild(doc.createTextNode(zulu.format(expiresDate)));
+        timestampElement.appendChild(elementExpires);
+
+        secHeader.getSecurityHeader().appendChild(timestampElement);
+        
+        if (LOG.isDebugEnabled()) {
+            String outputString = 
+                org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+            LOG.debug(outputString);
+        }
+        //
+        // Do some processing
+        //
+        try {
+            verify(doc, WSSConfig.getNewInstance());
+            fail("The timestamp validation should have failed");
+        } catch (WSSecurityException ex) {
+            assertTrue(ex.getErrorCode() == WSSecurityException.MESSAGE_EXPIRED); 
+        }
+    }
+    
 
     /**
      * Verifies the soap envelope
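Review bot: testExpiresBeforeCreated does not isolate the condition its Javadoc names: it sets Created to now + 300000 ms, exactly as testFutureCreated does, and Expires to 300000 ms in the past, so `verify` can throw MESSAGE_EXPIRED from the new future-Created check or from plain expiry without any Created/Expires ordering comparison being exercised. Using a Created value in the past (with Expires earlier still) would at least take the future check out of the picture for this test. Both tests assert only the error code, so they cannot tell which check rejected the message; `assertEquals(WSSecurityException.MESSAGE_EXPIRED, ex.getErrorCode());` would also report the actual code on failure, unlike `assertTrue(... == ...)`. If it is not already covered elsewhere in the file, a positive case with Created slightly in the past would confirm that the new check does not reject valid timestamps. The `verify` helper is defined outside the hunk.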


