From cohei...@apache.org
Subject svn commit: r1673718 - /webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
Date Wed, 15 Apr 2015 10:30:16 GMT
Author: coheigea
Date: Wed Apr 15 10:30:16 2015
New Revision: 1673718

URL: http://svn.apache.org/r1673718
Log:
[WSS-533] - Also use signing key when trying to detect message replay attacks

Modified:
    webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java

Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java?rev=1673718&r1=1673717&r2=1673718&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
(original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
Wed Apr 15 10:30:16 2015
@@ -409,7 +409,7 @@ public class SignatureProcessor implemen
             }
             
             // Test for replay attacks
-            testMessageReplay(elem, xmlSignature.getSignatureValue().getValue(), data, wsDocInfo);
+            testMessageReplay(elem, xmlSignature.getSignatureValue().getValue(), key, data,
wsDocInfo);
             
             setElementsOnContext(xmlSignature, (DOMValidateContext)context, wsDocInfo, elem.getOwnerDocument());
             boolean signatureOk = xmlSignature.validate(context);
@@ -628,9 +628,11 @@ public class SignatureProcessor implemen
     }
     
     /**
-     * Test for a replayed message. The cache key is the Timestamp Created String and the
signature value.
+     * Test for a replayed message. The cache key is the Timestamp Created String, the signature

+     * value, and the encoded value of the signing key.
      * @param signatureElement
      * @param signatureValue
+     * @param key
      * @param requestData
      * @param wsDocInfo
      * @throws WSSecurityException
@@ -638,6 +640,7 @@ public class SignatureProcessor implemen
     private void testMessageReplay(
         Element signatureElement,
         byte[] signatureValue,
+        Key key,
         RequestData requestData,
         WSDocInfo wsDocInfo
     ) throws WSSecurityException {
@@ -671,7 +674,8 @@ public class SignatureProcessor implemen
         // Test for replay attacks
         Date created = timeStamp.getCreated();
         DateFormat zulu = new XmlSchemaDateFormat();
-        String identifier = zulu.format(created) + "" + Arrays.hashCode(signatureValue);
+        String identifier = zulu.format(created) + "" + Arrays.hashCode(signatureValue)
+            + "" + Arrays.hashCode(key.getEncoded());
 
         if (replayCache.contains(identifier)) {
             throw new WSSecurityException(
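Review bot: The identifier built on the two new lines folds the signing key in as `Arrays.hashCode(key.getEncoded())`, a 32-bit non-cryptographic hash, and concatenates it to the signature hash with an empty separator, so two distinct signature/key pairs under the same Created value that collide on these integers (or whose decimal digits happen to concatenate the same way) are indistinguishable in the cache and a legitimate message is rejected as a replay; a genuine replay always reproduces the identical identifier, so this is an availability risk rather than a bypass. `Key.getEncoded()` may also return null for keys that do not support encoding, in which case `Arrays.hashCode(null)` is 0 and the key contributes nothing to the identifier, and a null `key` itself would surface as a NullPointerException rather than the WSSecurityException the method declares. At minimum delimit the components, `String identifier = zulu.format(created) + ":" + Arrays.hashCode(signatureValue)` / `+ ":" + Arrays.hashCode(key.getEncoded());`, and consider deriving the identifier from a digest over the raw signature and encoded-key bytes so collisions are no longer a concern. The origin of `key` is outside this hunk, and testMessageReplay's body continues past it.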
@@ -680,7 +684,7 @@ public class SignatureProcessor implemen
                 "A replay attack has been detected");
         }
 
-        // Store the Timestamp/SignatureValue combination in the cache
+        // Store the Timestamp/SignatureValue/Key combination in the cache
         Date expires = timeStamp.getExpires();
         if (expires != null) {
             Date rightNow = new Date();


