Posted to java-user@axis.apache.org by "Garzon Nino, Juan Carlos" <JG...@bancodebogota.com.co> on 2011/01/25 17:24:21 UTC

Timestamp - UTC timezone

Hi,

I've been building a Web Service using Axis2 1.5.4 and Rampart 1.5. I want the messages to be signed and to include a timestamp, so I have already done all the configuration on the server side and the client side. I'm having some trouble validating the message on the server side, because of the timezone I guess.

Here's a message I sent from the client:

<?xml version='1.0' encoding='utf-8'?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><env:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1">
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1295968024729-1196255735">
<wsu:Created>2011-01-25T10:07:04Z</wsu:Created>
<wsu:Expires>2011-01-25T10:07:09Z</wsu:Expires>
</wsu:Timestamp>
<wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="XWSSGID-12959680247291768032455"></wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="XWSSGID-1295968024729151312491">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse env xsd xsi" />
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#XWSSGID-12959680247311874199154">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>Qa3FUM9+MNVxWMdNBL+0syv2OX0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>liGWFQnNd05pstlS8M67KLDO9pB0xQPnFO3XpwvM3LTSKmMcZApNkBmBfNZE/nf2wQTag9lPMCJk
kodmdopFKeym21qIk9IVwbRwpufE5UL2KVFtJwZ+xy78LU7pVxNJxlcdGNpM8AfWYYkvqHeX7A/9
cetvkKmQI/NUb+W+lo8=</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1295968024730-1672617959">
<wsse:Reference URI="#XWSSGID-12959680247291768032455" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</env:Header><env:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-12959680247311874199154">
<jkns:parameters xmlns:jkns="http://tempuri.org/AreaService/">
<width>3</width>
<height>3</height>
</jkns:parameters>
</env:Body></env:Envelope>



On the server side I got this error:

[2011-01-25 10:07:05,708][DEBUG][http-8080-1][org.apache.ws.security.processor.TimestampProcessor]: Found Timestamp list element
[2011-01-25 10:07:05,722][DEBUG][http-8080-1][org.apache.ws.security.processor.TimestampProcessor]: Preparing to verify the timestamp
[2011-01-25 10:07:05,723][DEBUG][http-8080-1][org.apache.ws.security.processor.TimestampProcessor]: Current time: 2011-01-25T15:07:05.722Z
[2011-01-25 10:07:05,723][DEBUG][http-8080-1][org.apache.ws.security.processor.TimestampProcessor]: Timestamp created: 2011-01-25T10:07:04.000Z
[2011-01-25 10:07:05,723][DEBUG][http-8080-1][org.apache.ws.security.processor.TimestampProcessor]: Timestamp expires: 2011-01-25T10:07:09.000Z
[2011-01-25 10:07:05,731][ERROR][http-8080-1][org.apache.axis2.engine.AxisEngine]: The message has expired (WSSecurityEngine: Invalid timestamp The security semantics of the message have expired)
org.apache.axis2.AxisFault: The message has expired (WSSecurityEngine: Invalid timestamp The security semantics of the message have expired)


As you can see, the current time in the processing context is "2011-01-25T15:07:05.722Z" but the times of the message and the log4j record are "2011-01-25 10:07:05,723" (5 hours earlier); this must be because I set the -Duser.timezone="America/Bogota" parameter on the JVM on which the server is running.

I need the time of the processing context to be the same as the log4j one.

My question is: do you think I am missing any parameters in Axis or in Rampart?


Thanks in advance.


Regards,
Juan Carlos

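The following is an added example, not part of the original post and not Axis2, Rampart or WSS4J code. It replays the expiry check on the three instants from the server log, compares the message age with the America/Bogota UTC offset, and then shows in a constructed scenario how a formatter with a literal 'Z' and no explicit UTC zone writes local wall-clock time as if it were UTC. The class and method names and the send instant are assumptions; the page does not show how the client builds its timestamp.

```java
import java.text.SimpleDateFormat;
import java.time.Duration;
import java.time.Instant;
import java.util.Date;
import java.util.TimeZone;

// Added illustration; class and method names are hypothetical, not Axis2/Rampart/WSS4J API.
public class TimestampSkewDemo {
    // Expiry rule reflected in the log: reject once the receiver's clock is past wsu:Expires.
    static boolean expired(Instant now, Instant expires) {
        return now.isAfter(expires);
    }

    // Renders an instant with a literal 'Z'. Without setTimeZone(UTC) the formatter
    // uses the JVM default zone, so the 'Z' suffix mislabels local wall-clock time.
    static String stamp(Instant t, boolean forceUtc) {
        SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
        if (forceUtc) f.setTimeZone(TimeZone.getTimeZone("UTC"));
        return f.format(Date.from(t));
    }

    public static void main(String[] args) {
        // Values copied from the TimestampProcessor log lines in the post.
        Instant now = Instant.parse("2011-01-25T15:07:05.722Z");
        Instant created = Instant.parse("2011-01-25T10:07:04Z");
        Instant expires = Instant.parse("2011-01-25T10:07:09Z");
        Duration age = Duration.between(created, now);
        System.out.println("expired=" + expired(now, expires) + " age=" + age);

        // Compare the age with the zone's UTC offset: a residual of a second or two
        // points at a zone-labelling problem rather than slow delivery.
        TimeZone bogota = TimeZone.getTimeZone("America/Bogota");
        Duration offset = Duration.ofMillis(-bogota.getOffset(now.toEpochMilli()));
        System.out.println("zone offset=" + offset + " residual=" + age.minus(offset));

        // Constructed scenario: a sender JVM whose default zone is America/Bogota
        // stamps an assumed send instant, with and without forcing UTC.
        TimeZone.setDefault(bogota);
        Instant sent = Instant.parse("2011-01-25T15:07:04Z");
        Duration lifetime = Duration.between(created, expires); // 5 s, as in the message
        for (boolean forceUtc : new boolean[] {false, true}) {
            String text = stamp(sent, forceUtc);
            Instant exp = Instant.parse(text).plus(lifetime);
            System.out.println("forceUtc=" + forceUtc + " Created=" + text
                    + " expired=" + expired(now, exp));
        }
    }
}
```

Pinning the formatter to UTC, independent of user.timezone, is what keeps wsu:Created and wsu:Expires comparable to the receiver's clock.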