Posted to java-dev@axis.apache.org by "David R. Robison" <da...@openroadsconsulting.com> on 2014/10/07 02:56:32 UTC

Patch to allow timestamps to be spoofed

Sometimes, when connecting to ONVIF cameras, I have to spoof my local 
time to the camera's time for ONVIF and WS-Security to work. Here is a 
patch to allow a custom WSTimeSource to be assigned to an Axis2 
connection. David

Index: 
modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
===================================================================
--- 
modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java 
(revision 1629724)
+++ 
modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java 
(working copy)
@@ -58,6 +58,7 @@
  import org.apache.ws.security.message.token.SecurityContextToken;
  import org.apache.ws.security.util.Loader;
  import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.ws.security.util.WSTimeSource;
  import org.w3c.dom.Document;

  import java.util.ArrayList;
@@ -103,6 +104,11 @@
      public final static String KEY_WST_VERSION = "wstVersion";

      public final static String PARAM_CLIENT_SIDE = "CLIENT_SIDE";
+
+    /**
+     * Key to hold the WSTimeSource
+     */
+    public final static String CUSTOM_WS_TIME_SOURCE = "wsTimeSource";

      /**
       * Key to hold the WS-SecConv version
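
Review bot: The Javadoc on CUSTOM_WS_TIME_SOURCE ("Key to hold the WSTimeSource") does not say what type the property value must be, where it is read from, or what it changes. Please state that the value is a WSTimeSource instance set as a message context property and that it is handed to config.setCurrentTime(...) in the constructor change further down, so that anyone setting it knows they are replacing the clock used for WS-Security processing on that message context.
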
@@ -180,6 +186,14 @@

              //Update the UsernameToken validator
this.config.setValidator(WSSecurityEngine.USERNAME_TOKEN, 
RampartUsernameTokenValidator.class);
+
+            // set the Time Source
+            try {
+                WSTimeSource wsTimeSource = 
(WSTimeSource)msgCtx.getProperty(CUSTOM_WS_TIME_SOURCE);
+                if (wsTimeSource != null) 
this.config.setCurrentTime(wsTimeSource);
+            } catch (Exception e) {
+                throw new RampartException("errorInWSTimeSource", e);
+            }

              // First obtain the axis service as we have to do a null 
check, there can be situations
              // where Axis Service is null
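
Review bot: The catch (Exception e) around the cast is broader than the one failure this code can produce, and the key "errorInWSTimeSource" passed to RampartException is not added to any resource file in this patch. The realistic failure is a ClassCastException when the property holds something other than a WSTimeSource, so an instanceof check followed by a RampartException that names CUSTOM_WS_TIME_SOURCE would be clearer, with the message key added alongside. Separately, the override is applied whenever the property is present; nothing in the hunk limits it to the client side (PARAM_CLIENT_SIDE is defined just above), so consider restricting it to the initiator or documenting that it also affects whatever else uses this config's current time.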

-- 

David R Robison
Open Roads Consulting, Inc.
103 Watson Road, Chesapeake, VA 23320
phone: +1 757-546-3401
e-mail: david.robison@openroadsconsulting.com
web: http://www.openroadsconsulting.com
blog: http://therobe.blogspot.com
book: http://www.xulonpress.com/bookstore/bookdetail.php?PB_ISBN=9781597816526



This email communication (including any attachments) may contain confidential and/or privileged material intended solely for the individual or entity to which it is addressed.
If you are not the intended recipient, please delete this email immediately.


---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Re: Patch to allow timestamps to be spoofed

Posted by "David R. Robison" <da...@openroadsconsulting.com>.
Here is an updated patch that includes the ability to disable BSP 
compliance. David

Index: 
modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
===================================================================
--- 
modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java 
(revision 1629724)
+++ 
modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java 
(working copy)
@@ -58,6 +58,7 @@
  import org.apache.ws.security.message.token.SecurityContextToken;
  import org.apache.ws.security.util.Loader;
  import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.ws.security.util.WSTimeSource;
  import org.w3c.dom.Document;

  import java.util.ArrayList;
@@ -103,6 +104,16 @@
      public final static String KEY_WST_VERSION = "wstVersion";

      public final static String PARAM_CLIENT_SIDE = "CLIENT_SIDE";
+
+    /**
+     * Key to hold the WSTimeSource
+     */
+    public final static String CUSTOM_WS_TIME_SOURCE = "wsTimeSource";
+
+    /**
+     * Key to hold the BSP compliance
+     */
+    public final static String IS_BSP_COMPLIANT = "isBSPCompliant";

      /**
       * Key to hold the WS-SecConv version
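
Review bot: The Javadoc on IS_BSP_COMPLIANT ("Key to hold the BSP compliance") needs to say that the value is a Boolean, that an absent property leaves the existing config setting untouched (per the null check in the constructor change below), and that a false value is passed to setWsiBSPCompliant and so switches BSP compliance off for this config. This toggle is unrelated to the time source and relaxes a different check, so it would be easier to review and revert as its own patch.
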
@@ -180,7 +191,15 @@

              //Update the UsernameToken validator
this.config.setValidator(WSSecurityEngine.USERNAME_TOKEN, 
RampartUsernameTokenValidator.class);
-
+
+            // set the Time Source
+            WSTimeSource wsTimeSource = 
(WSTimeSource)msgCtx.getProperty(CUSTOM_WS_TIME_SOURCE);
+            if (wsTimeSource != null) 
this.config.setCurrentTime(wsTimeSource);
+
+            // BSP Compliance
+            Boolean isBSPCompliant = 
(Boolean)msgCtx.getProperty(IS_BSP_COMPLIANT);
+             if (isBSPCompliant != null) 
this.config.setWsiBSPCompliant(isBSPCompliant);
+
              // First obtain the axis service as we have to do a null 
check, there can be situations
              // where Axis Service is null
              AxisService axisService = msgCtx.getAxisService();
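
Review bot: Both casts in this hunk, (WSTimeSource) and (Boolean) on the values returned by msgCtx.getProperty(...), are unguarded now that the try/catch from the first version has been dropped, so a property of the wrong type surfaces as a raw ClassCastException instead of a RampartException. Use instanceof checks and raise a RampartException naming the offending property. Two style points: the "-" / "+" pair at the top of the hunk swaps one blank line for another and should be dropped as a whitespace-only change, and the "if (isBSPCompliant != null)" line carries one more space of indentation than the lines around it.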

David R Robison
Open Roads Consulting, Inc.
103 Watson Road, Chesapeake, VA 23320
phone: +1 757-546-3401
e-mail: david.robison@openroadsconsulting.com
web: http://www.openroadsconsulting.com
blog: http://therobe.blogspot.com
book: http://www.xulonpress.com/bookstore/bookdetail.php?PB_ISBN=9781597816526

On 10/6/2014 8:56 PM, David R. Robison wrote:
> Sometimes, when connecting to ONVIF cameras, I have to spoof my local 
> time to the camera's time for ONVIF and WS-Security to work. Here is a 
> patch to allow a custom WSTimeSource to be assigned to an Axis2 
> connection. David
>
> Index: 
> modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
> ===================================================================
> --- 
> modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java 
> (revision 1629724)
> +++ 
> modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java 
> (working copy)
> @@ -58,6 +58,7 @@
>  import org.apache.ws.security.message.token.SecurityContextToken;
>  import org.apache.ws.security.util.Loader;
>  import org.apache.ws.security.util.WSSecurityUtil;
> +import org.apache.ws.security.util.WSTimeSource;
>  import org.w3c.dom.Document;
>
>  import java.util.ArrayList;
> @@ -103,6 +104,11 @@
>      public final static String KEY_WST_VERSION = "wstVersion";
>
>      public final static String PARAM_CLIENT_SIDE = "CLIENT_SIDE";
> +
> +    /**
> +     * Key to hold the WSTimeSource
> +     */
> +    public final static String CUSTOM_WS_TIME_SOURCE = "wsTimeSource";
>
>      /**
>       * Key to hold the WS-SecConv version
> @@ -180,6 +186,14 @@
>
>              //Update the UsernameToken validator
> this.config.setValidator(WSSecurityEngine.USERNAME_TOKEN, 
> RampartUsernameTokenValidator.class);
> +
> +            // set the Time Source
> +            try {
> +                WSTimeSource wsTimeSource = 
> (WSTimeSource)msgCtx.getProperty(CUSTOM_WS_TIME_SOURCE);
> +                if (wsTimeSource != null) 
> this.config.setCurrentTime(wsTimeSource);
> +            } catch (Exception e) {
> +                throw new RampartException("errorInWSTimeSource", e);
> +            }
>
>              // First obtain the axis service as we have to do a null 
> check, there can be situations
>              // where Axis Service is null
>


