Posted to java-dev@axis.apache.org by "David R. Robison" <da...@openroadsconsulting.com> on 2014/10/07 02:56:32 UTC
Patch to allow timestamps to be spoofed
Sometimes, when connecting to ONVIF cameras, I have to spoof my local
time to the camera's time for ONVIF and WS-Security to work. Here is a
patch to allow a custom WSTimeSource to be assigned to an Axis2
connection. David
Index:
modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
===================================================================
---
modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
(revision 1629724)
+++
modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
(working copy)
@@ -58,6 +58,7 @@
import org.apache.ws.security.message.token.SecurityContextToken;
import org.apache.ws.security.util.Loader;
import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.ws.security.util.WSTimeSource;
import org.w3c.dom.Document;
import java.util.ArrayList;
@@ -103,6 +104,11 @@
public final static String KEY_WST_VERSION = "wstVersion";
public final static String PARAM_CLIENT_SIDE = "CLIENT_SIDE";
+
+ /**
+ * Key to hold the WSTimeSource
+ */
+ public final static String CUSTOM_WS_TIME_SOURCE = "wsTimeSource";
/**
* Key to hold the WS-SecConv version
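Review bot: the Javadoc on CUSTOM_WS_TIME_SOURCE ("Key to hold the WSTimeSource") does not tell a caller what to store under the key or what setting it changes. Please state that the value must be an org.apache.ws.security.util.WSTimeSource instance set as a message-context property, that it is handed to config.setCurrentTime() in place of the default clock, and that leaving the property unset keeps the current behaviour. Because the key changes the time that WS-Security processing sees, the comment should also say it is intended for peers whose clock cannot be corrected.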
@@ -180,6 +186,14 @@
//Update the UsernameToken validator
this.config.setValidator(WSSecurityEngine.USERNAME_TOKEN,
RampartUsernameTokenValidator.class);
+
+ // set the Time Source
+ try {
+ WSTimeSource wsTimeSource =
(WSTimeSource)msgCtx.getProperty(CUSTOM_WS_TIME_SOURCE);
+ if (wsTimeSource != null)
this.config.setCurrentTime(wsTimeSource);
+ } catch (Exception e) {
+ throw new RampartException("errorInWSTimeSource", e);
+ }
// First obtain the axis service as we have to do a null
check, there can be situations
// where Axis Service is null
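Review bot: the try block around the cast catches Exception, which is much broader than the one failure it is there for, a property of the wrong type stored under CUSTOM_WS_TIME_SOURCE. Test the value with instanceof and throw RampartException only for a non-null value that is not a WSTimeSource, so that unrelated runtime errors from setCurrentTime() are not relabelled. The key "errorInWSTimeSource" is new and this patch touches only RampartMessageData.java, so if RampartException looks its message up by key, the matching entry is missing. The override is also applied whenever the property is present; since the stated use is a client talking to a camera, consider honouring it only on the client side (PARAM_CLIENT_SIDE is declared just above the new key), and put braces around the single-statement if.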
--
David R Robison
Open Roads Consulting, Inc.
103 Watson Road, Chesapeake, VA 23320
phone: +1 757-546-3401
e-mail: david.robison@openroadsconsulting.com
web: http://www.openroadsconsulting.com
blog: http://therobe.blogspot.com
book: http://www.xulonpress.com/bookstore/bookdetail.php?PB_ISBN=9781597816526
This email communication (including any attachments) may contain confidential and/or privileged material intended solely for the individual or entity to which it is addressed.
If you are not the intended recipient, please delete this email immediately.
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org
Re: Patch to allow timestamps to be spoofed
Posted by "David R. Robison" <da...@openroadsconsulting.com>.
Here is an updated patch that includes the ability to disable BSP
compliance. David
Index:
modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
===================================================================
---
modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
(revision 1629724)
+++
modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
(working copy)
@@ -58,6 +58,7 @@
import org.apache.ws.security.message.token.SecurityContextToken;
import org.apache.ws.security.util.Loader;
import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.ws.security.util.WSTimeSource;
import org.w3c.dom.Document;
import java.util.ArrayList;
@@ -103,6 +104,16 @@
public final static String KEY_WST_VERSION = "wstVersion";
public final static String PARAM_CLIENT_SIDE = "CLIENT_SIDE";
+
+ /**
+ * Key to hold the WSTimeSource
+ */
+ public final static String CUSTOM_WS_TIME_SOURCE = "wsTimeSource";
+
+ /**
+ * Key to hold the BSP compliance
+ */
+ public final static String IS_BSP_COMPLIANT = "isBSPCompliant";
/**
* Key to hold the WS-SecConv version
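Review bot: IS_BSP_COMPLIANT is documented only as "Key to hold the BSP compliance", which hides that the key exists so a caller can switch a compliance check off. The Javadoc should say that the value must be a java.lang.Boolean, that it is passed to config.setWsiBSPCompliant(), and that an absent property leaves the configured default untouched. This second key is also unrelated to the time-source change the thread subject describes; submitting it as a separate patch would let each change be reviewed and reverted on its own.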
@@ -180,7 +191,15 @@
//Update the UsernameToken validator
this.config.setValidator(WSSecurityEngine.USERNAME_TOKEN,
RampartUsernameTokenValidator.class);
-
+
+ // set the Time Source
+ WSTimeSource wsTimeSource =
(WSTimeSource)msgCtx.getProperty(CUSTOM_WS_TIME_SOURCE);
+ if (wsTimeSource != null)
this.config.setCurrentTime(wsTimeSource);
+
+ // BSP Compliance
+ Boolean isBSPCompliant =
(Boolean)msgCtx.getProperty(IS_BSP_COMPLIANT);
+ if (isBSPCompliant != null)
this.config.setWsiBSPCompliant(isBSPCompliant);
+
// First obtain the axis service as we have to do a null
check, there can be situations
// where Axis Service is null
AxisService axisService = msgCtx.getAxisService();
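Review bot: with the try/catch from the first version gone, both casts in this hunk are unchecked, so a caller that stores a String such as "false" under IS_BSP_COMPLIANT, or any object that is not a WSTimeSource under CUSTOM_WS_TIME_SOURCE, gets a bare ClassCastException from this code path instead of a RampartException. Check each value with instanceof and raise RampartException with a message that names the offending property. The blank line removed and re-added at the top of the hunk (a "-" line followed by a "+" line) is a whitespace-only change and should be dropped, and both single-statement ifs should get braces.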
David R Robison
Open Roads Consulting, Inc.
103 Watson Road, Chesapeake, VA 23320
phone: +1 757-546-3401
e-mail: david.robison@openroadsconsulting.com
web: http://www.openroadsconsulting.com
blog: http://therobe.blogspot.com
book: http://www.xulonpress.com/bookstore/bookdetail.php?PB_ISBN=9781597816526
On 10/6/2014 8:56 PM, David R. Robison wrote:
> Sometimes, when connecting to ONVIF cameras, I have to spoof my local
> time to the camera's time for ONVIF and WS-Security to work. Here is a
> patch to allow a custom WSTimeSource to be assigned to an Axis2
> connection. David
>
> Index:
> modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
> ===================================================================
> ---
> modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
> (revision 1629724)
> +++
> modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
> (working copy)
> @@ -58,6 +58,7 @@
> import org.apache.ws.security.message.token.SecurityContextToken;
> import org.apache.ws.security.util.Loader;
> import org.apache.ws.security.util.WSSecurityUtil;
> +import org.apache.ws.security.util.WSTimeSource;
> import org.w3c.dom.Document;
>
> import java.util.ArrayList;
> @@ -103,6 +104,11 @@
> public final static String KEY_WST_VERSION = "wstVersion";
>
> public final static String PARAM_CLIENT_SIDE = "CLIENT_SIDE";
> +
> + /**
> + * Key to hold the WSTimeSource
> + */
> + public final static String CUSTOM_WS_TIME_SOURCE = "wsTimeSource";
>
> /**
> * Key to hold the WS-SecConv version
> @@ -180,6 +186,14 @@
>
> //Update the UsernameToken validator
> this.config.setValidator(WSSecurityEngine.USERNAME_TOKEN,
> RampartUsernameTokenValidator.class);
> +
> + // set the Time Source
> + try {
> + WSTimeSource wsTimeSource =
> (WSTimeSource)msgCtx.getProperty(CUSTOM_WS_TIME_SOURCE);
> + if (wsTimeSource != null)
> this.config.setCurrentTime(wsTimeSource);
> + } catch (Exception e) {
> + throw new RampartException("errorInWSTimeSource", e);
> + }
>
> // First obtain the axis service as we have to do a null
> check, there can be situations
> // where Axis Service is null
>