Posted to wss4j-dev@ws.apache.org by co...@apache.org on 2009/05/01 13:26:17 UTC
svn commit: r770639 - in /webservices/wss4j/trunk/src/org/apache/ws/security:
action/TimestampAction.java handler/WSHandler.java
message/WSSecTimestamp.java message/token/Timestamp.java
processor/TimestampProcessor.java
Author: coheigea
Date: Fri May 1 11:26:16 2009
New Revision: 770639
URL: http://svn.apache.org/viewvc?rev=770639&view=rev
Log:
Some optimisations to Timestamp creation/processing
- In particular, the logic for validating TTL is moved from WSHandler to Timestamp
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/action/TimestampAction.java
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecTimestamp.java
webservices/wss4j/trunk/src/org/apache/ws/security/message/token/Timestamp.java
webservices/wss4j/trunk/src/org/apache/ws/security/processor/TimestampProcessor.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/action/TimestampAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/action/TimestampAction.java?rev=770639&r1=770638&r2=770639&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/action/TimestampAction.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/action/TimestampAction.java Fri May 1 11:26:16 2009
@@ -26,13 +26,15 @@
import org.w3c.dom.Document;
public class TimestampAction implements Action {
+
public void execute(WSHandler handler, int actionToDo, Document doc, RequestData reqData)
- throws WSSecurityException {
- WSSecTimestamp timeStampBuilder =
- new WSSecTimestamp();
+ throws WSSecurityException {
+ //
+ // add the Timestamp to the SOAP Envelope
+ //
+ WSSecTimestamp timeStampBuilder = new WSSecTimestamp();
timeStampBuilder.setWsConfig(reqData.getWssConfig());
timeStampBuilder.setTimeToLive(handler.decodeTimeToLive(reqData));
- // add the Timestamp to the SOAP Envelope
timeStampBuilder.build(doc, reqData.getSecHeader());
}
}
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java?rev=770639&r1=770638&r2=770639&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java Fri May 1 11:26:16 2009
@@ -37,7 +37,6 @@
import org.apache.ws.security.util.Loader;
import org.apache.ws.security.util.StringUtil;
import org.apache.ws.security.util.WSSecurityUtil;
-import org.apache.ws.security.util.XmlSchemaDateFormat;
import org.w3c.dom.Document;
import javax.security.auth.callback.Callback;
@@ -45,10 +44,7 @@
import java.math.BigInteger;
import java.security.cert.X509Certificate;
-import java.text.DateFormat;
import java.util.Arrays;
-import java.util.Calendar;
-import java.util.Date;
import java.util.Hashtable;
import java.util.List;
import java.util.Properties;
@@ -1242,40 +1238,7 @@
* @throws WSSecurityException
*/
protected boolean verifyTimestamp(Timestamp timestamp, int timeToLive) throws WSSecurityException {
-
- // Calculate the time that is allowed for the message to travel
- Calendar validCreation = Calendar.getInstance();
- long currentTime = validCreation.getTime().getTime();
- currentTime -= timeToLive * 1000;
- validCreation.setTime(new Date(currentTime));
-
- if (doDebug) {
- log.debug("Preparing to verify the timestamp");
- DateFormat zulu = new XmlSchemaDateFormat();
- log.debug("Validation of Timestamp: Current time is "
- + zulu.format(Calendar.getInstance().getTime()));
- log.debug("Validation of Timestamp: Valid creation is "
- + zulu.format(validCreation.getTime()));
- if (timestamp.getCreated() != null) {
- log.debug("Validation of Timestamp: Timestamp created is "
- + zulu.format(timestamp.getCreated().getTime()));
- }
- }
- // Validate the time it took the message to travel
- // if (timestamp.getCreated().before(validCreation) ||
- // !timestamp.getCreated().equals(validCreation)) {
- Calendar cre = timestamp.getCreated();
- if (cre != null && !cre.after(validCreation)) {
- if (doDebug) {
- log.debug("Validation of Timestamp: The message was created too long ago");
- }
- return false;
- }
-
- if (doDebug) {
- log.debug("Validation of Timestamp: Everything is ok");
- }
- return true;
+ return timestamp.verifyCreated(timeToLive);
}
/**
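Review bot: Delegating to `timestamp.verifyCreated(timeToLive)` is not behaviour-identical to the removed body. The old test was `cre != null && !cre.after(validCreation)`, which rejected a Created value equal to the cut-off, while the new method in Timestamp.java uses `created.before(validCreation)` and accepts it. The difference is a single instant, but the log message calls the commit an optimisation, so the change should either be mentioned there or reverted with `!created.after(validCreation)`. The Javadoc of `verifyTimestamp` starts outside the hunk.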
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecTimestamp.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecTimestamp.java?rev=770639&r1=770638&r2=770639&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecTimestamp.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSecTimestamp.java Fri May 1 11:26:16 2009
@@ -42,12 +42,6 @@
private int timeToLive = 300; // time between Created and Expires
/**
- * Constructor.
- */
- public WSSecTimestamp() {
- }
-
- /**
* Set the time to live. This is the time difference in seconds between the
* <code>Created</code> and the <code>Expires</code> in
* <code>Timestamp</code>. <p/>
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/token/Timestamp.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/Timestamp.java?rev=770639&r1=770638&r2=770639&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/token/Timestamp.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/token/Timestamp.java Fri May 1 11:26:16 2009
@@ -19,6 +19,8 @@
package org.apache.ws.security.message.token;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.util.DOM2Writer;
@@ -33,6 +35,8 @@
import java.text.SimpleDateFormat;
import java.text.DateFormat;
import java.util.Calendar;
+import java.util.Date;
+import java.util.List;
import java.util.TimeZone;
import java.util.Vector;
@@ -43,9 +47,11 @@
* @author Christof Soehngen (christof.soehngen@syracom.de)
*/
public class Timestamp {
+
+ private final static Log LOG = LogFactory.getLog(Timestamp.class.getName());
protected Element element = null;
- protected Vector customElements = null;
+ protected List customElements = null;
protected Calendar created;
protected Calendar expires;
@@ -69,10 +75,11 @@
currentChild = currentChild.getNextSibling()
) {
if (currentChild instanceof Element) {
+ Element currentChildElement = (Element) currentChild;
if (WSConstants.CREATED_LN.equals(currentChild.getLocalName()) &&
WSConstants.WSU_NS.equals(currentChild.getNamespaceURI())) {
if (strCreated == null) {
- strCreated = ((Text) ((Element) currentChild).getFirstChild()).getData();
+ strCreated = ((Text)currentChildElement.getFirstChild()).getData();
} else {
throw new WSSecurityException(
WSSecurityException.INVALID_SECURITY, "invalidTimestamp"
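Review bot: The cast `(Text)currentChildElement.getFirstChild()` in the Created branch, and again in the Expires branch of the next hunk, assumes the element has a first child and that this child is a Text node. An empty Created or Expires element produces a NullPointerException, and a leading comment or child element produces a ClassCastException, rather than the `WSSecurityException` this code throws for other malformed timestamps. The element is presumably taken from the received message, so the check belongs here: `Node first = currentChildElement.getFirstChild();` followed by `if (!(first instanceof Text)) { throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "invalidTimestamp"); }` before reading `getData()`. The enclosing block starts before the hunk and continues after it.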
@@ -81,27 +88,36 @@
} else if (WSConstants.EXPIRES_LN.equals(currentChild.getLocalName()) &&
WSConstants.WSU_NS.equals(currentChild.getNamespaceURI())) {
if (strExpires == null) {
- strExpires = ((Text) ((Element) currentChild).getFirstChild()).getData();
+ strExpires = ((Text)currentChildElement.getFirstChild()).getData();
} else {
throw new WSSecurityException(
WSSecurityException.INVALID_SECURITY, "invalidTimestamp"
);
}
} else {
- customElements.add((Element) currentChild);
+ customElements.add(currentChildElement);
}
}
}
DateFormat zulu = new XmlSchemaDateFormat();
try {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Current time: " + zulu.format(Calendar.getInstance().getTime()));
+ }
if (strCreated != null) {
created = Calendar.getInstance();
created.setTime(zulu.parse(strCreated));
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Timestamp created: " + zulu.format(created.getTime()));
+ }
}
if (strExpires != null) {
expires = Calendar.getInstance();
expires.setTime(zulu.parse(strExpires));
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Timestamp expires: " + zulu.format(expires.getTime()));
+ }
}
} catch (ParseException e) {
throw new WSSecurityException(
@@ -179,7 +195,7 @@
* @return the <code>wsse:UsernameToken</code> element
*/
public Element getElement() {
- return this.element;
+ return element;
}
/**
@@ -188,7 +204,7 @@
* @return a XML string representation
*/
public String toString() {
- return DOM2Writer.nodeToString((Node) this.element);
+ return DOM2Writer.nodeToString((Node) element);
}
/**
@@ -220,10 +236,10 @@
/**
* Get the the custom elements from this Timestamp
*
- * @return the vector containing the custom elements.
+ * @return the list containing the custom elements.
*/
- public Vector getCustomElements() {
- return this.customElements;
+ public List getCustomElements() {
+ return customElements;
}
/**
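Review bot: Changing the return type of the public `getCustomElements()` from `Vector` to `List` changes the method descriptor, so callers compiled against the previous signature fail at link time and source callers that assign the result to a `Vector` no longer compile. This should be called out in the release notes. The Javadoc could also state the element type, for example `@return the list of org.w3c.dom.Element custom children`, since the raw `List` no longer hints at it.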
@@ -231,14 +247,59 @@
* @param id
*/
public void setID(String id) {
- this.element.setAttributeNS(WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":Id", id);
+ element.setAttributeNS(WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":Id", id);
}
/**
* @return the value of the wsu:Id attribute
*/
public String getID() {
- return this.element.getAttributeNS(WSConstants.WSU_NS, "Id");
+ return element.getAttributeNS(WSConstants.WSU_NS, "Id");
+ }
+
+ /**
+ * Return true if the current Timestamp is expired, meaning if the "Expires" value
+ * is before the current time. It returns false if there is no Expires value.
+ */
+ public boolean isExpired() {
+ Calendar rightNow = Calendar.getInstance();
+ if (expires != null) {
+ return expires.before(rightNow);
+ }
+ return false;
}
+
+ /**
+ * Return true if the "Created" value is before the current time minus the timeToLive
+ * argument.
+ *
+ * @param timeToLive
+ * the limit on the receivers' side, that the timestamp is validated against
+ * @return true if the timestamp is before (now-timeToLive), false otherwise
+ */
+ public boolean verifyCreated(
+ int timeToLive
+ ) {
+ // Calculate the time that is allowed for the message to travel
+ Calendar validCreation = Calendar.getInstance();
+ long currentTime = validCreation.getTime().getTime();
+ currentTime -= timeToLive * 1000;
+ validCreation.setTime(new Date(currentTime));
+
+ // Validate the time it took the message to travel
+ if (created != null && created.before(validCreation)) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Validation of Timestamp: The message was created too long ago");
+ }
+ return false;
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Validation of Timestamp: Everything is ok");
+ }
+ return true;
+ }
+
+
}
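Review bot: The Javadoc on `verifyCreated` states the opposite of what the method returns: the body returns `false` when `created` is before now minus `timeToLive` and `true` otherwise, so a caller who trusts the `@return` text would accept stale messages. It should read `@return false if Created is earlier than (now - timeToLive), true otherwise`. `timeToLive * 1000` is evaluated in `int` before being subtracted from the `long`, so a TTL above roughly 2.1 million seconds wraps; `currentTime -= timeToLive * 1000L;` avoids that. The method also returns `true` when `created` is null or lies in the future, which may be intended but leaves freshness to whatever else the receiver enforces, so it deserves a sentence in the Javadoc.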
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/TimestampProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/TimestampProcessor.java?rev=770639&r1=770638&r2=770639&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/TimestampProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/TimestampProcessor.java Fri May 1 11:26:16 2009
@@ -28,12 +28,9 @@
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.token.Timestamp;
-import org.apache.ws.security.util.XmlSchemaDateFormat;
import org.w3c.dom.Element;
import javax.security.auth.callback.CallbackHandler;
-import java.text.DateFormat;
-import java.util.Calendar;
import java.util.Vector;
public class TimestampProcessor implements Processor {
@@ -64,35 +61,21 @@
0,
new WSSecurityEngineResult(WSConstants.TS, timestamp)
);
- tsId = elem.getAttributeNS(WSConstants.WSU_NS, "Id");
+ tsId = timestamp.getID();
}
public void handleTimestamp(Timestamp timestamp) throws WSSecurityException {
if (log.isDebugEnabled()) {
log.debug("Preparing to verify the timestamp");
-
- DateFormat zulu = new XmlSchemaDateFormat();
-
- log.debug("Current time: " + zulu.format(Calendar.getInstance().getTime()));
- if (timestamp.getCreated() != null) {
- log.debug("Timestamp created: " + zulu.format(timestamp.getCreated().getTime()));
- }
- if (timestamp.getExpires() != null) {
- log.debug("Timestamp expires: " + zulu.format(timestamp.getExpires().getTime()));
- }
}
// Validate whether the security semantics have expired
- Calendar exp = timestamp.getExpires();
- if (exp != null && wssConfig.isTimeStampStrict()) {
- Calendar rightNow = Calendar.getInstance();
- if (exp.before(rightNow)) {
- throw new WSSecurityException(
- WSSecurityException.MESSAGE_EXPIRED,
- "invalidTimestamp",
- new Object[] {"The security semantics of the message have expired"}
- );
- }
+ if (wssConfig.isTimeStampStrict() && timestamp.isExpired()) {
+ throw new WSSecurityException(
+ WSSecurityException.MESSAGE_EXPIRED,
+ "invalidTimestamp",
+ new Object[] {"The security semantics of the message have expired"}
+ );
}
}