Author: coheigea
Date: Tue Feb 8 16:01:58 2011
New Revision: 1068458
URL: http://svn.apache.org/viewvc?rev=1068458&view=rev
Log:
[WSS-266,WSS-256] - Some tidy up from WSS-266 and some BSP improvements and
tests for Timestamp processing
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/CustomTokenPrincipal.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngine.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/Timestamp.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/TimestampProcessor.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/util/XmlSchemaDateFormat.java
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/TimestampTest.java
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/CustomTokenPrincipal.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/CustomTokenPrincipal.java?rev=1068458&r1=1068457&r2=1068458&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/CustomTokenPrincipal.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/CustomTokenPrincipal.java
Tue Feb 8 16:01:58 2011
@@ -29,7 +29,6 @@ public class CustomTokenPrincipal implem
private Element tokenElement;
private String name;
private Object tokenObject;
- private boolean requiresFurtherAuthentication = false;
public Object getTokenObject() {
return tokenObject;
@@ -55,12 +54,4 @@ public class CustomTokenPrincipal implem
this.tokenElement = tokenElement;
}
- public void setRequiresFurtherAuthentication(boolean
requiresFurtherAuthentication) {
- this.requiresFurtherAuthentication = requiresFurtherAuthentication;
- }
-
- public boolean isRequiresFurtherAuthentication() {
- return requiresFurtherAuthentication;
- }
-
}
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngine.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngine.java?rev=1068458&r1=1068457&r2=1068458&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngine.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngine.java
Tue Feb 8 16:01:58 2011
@@ -289,15 +289,33 @@ public class WSSecurityEngine {
List<WSSecurityEngineResult> returnResults = new
ArrayList<WSSecurityEngineResult>();
final WSSConfig cfg = getWssConfig();
Node node = securityHeader.getFirstChild();
+
+ boolean foundTimestamp = false;
while (node != null) {
if (Node.ELEMENT_NODE == node.getNodeType()) {
QName el = new QName(node.getNamespaceURI(),
node.getLocalName());
- Processor p = cfg.getProcessor(el);
+
+ // Check for multiple timestamps
+ if (wssConfig.isWsiBSPCompliant()) {
+ if (foundTimestamp && el.equals(TIMESTAMP)) {
+ if (doDebug) {
+ log.debug(
+ "Failure on processing multiple Timestamps as
per the BSP"
+ );
+ }
+ throw new WSSecurityException(
+ WSSecurityException.INVALID_SECURITY_TOKEN,
"invalidTimestamp"
+ );
+ } else if (el.equals(TIMESTAMP)) {
+ foundTimestamp = true;
+ }
+ }
//
// Call the processor for this token. After the processor
returns,
// store it for later retrieval. The token processor may store
some
// information about the processed token
//
+ Processor p = cfg.getProcessor(el);
if (p != null) {
List<WSSecurityEngineResult> results =
p.handleToken((Element) node, sigCrypto, decCrypto,
cb, wsDocInfo, cfg);
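Review bot: The new multiple-Timestamp check reads the `wssConfig` field directly, while the rest of the loop uses the local `cfg` obtained from `getWssConfig()` a few lines above. If that getter initialises the field lazily or is overridden (not visible in this hunk), the check could see a null or different configuration than the one that selects the processor. `if (cfg.isWsiBSPCompliant()) {` keeps both decisions on the same object. With BSP compliance off, a header carrying several Timestamps is still accepted, so a short comment saying so would help callers that rely on a single freshness window. The method body starts and ends outside the hunk.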
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/Timestamp.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/Timestamp.java?rev=1068458&r1=1068457&r2=1068458&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/Timestamp.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/Timestamp.java
Tue Feb 8 16:01:58 2011
@@ -62,6 +62,18 @@ public class Timestamp {
* contains the timestamp data
*/
public Timestamp(Element timestampElement) throws WSSecurityException {
+ this(timestampElement, true);
+ }
+
+ /**
+ * Constructs a <code>Timestamp</code> object and parses the
+ * <code>wsu:Timestamp</code> element to initialize it.
+ *
+ * @param timestampElement the <code>wsu:Timestamp</code> element that
+ * contains the timestamp data
+ * @param bspCompliant whether the Timestamp processing complies with the
BSP spec
+ */
+ public Timestamp(Element timestampElement, boolean bspCompliant) throws
WSSecurityException {
element = timestampElement;
customElements = new ArrayList<Element>();
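Review bot: The existing one-argument constructor now delegates with `bspCompliant` set to `true`, so callers outside `TimestampProcessor` that still use `new Timestamp(element)` get the strict checks regardless of their `WSSConfig`. Its Javadoc (above the hunk) should say so, for example `Parsing is done with BSP compliance enabled; use the two-argument constructor to relax it.` The Javadoc of the new constructor could also add `@throws WSSecurityException if the element violates the checks selected by bspCompliant`. The constructor body continues outside the hunk.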
@@ -78,8 +90,16 @@ public class Timestamp {
if (WSConstants.CREATED_LN.equals(currentChild.getLocalName())
&&
WSConstants.WSU_NS.equals(currentChild.getNamespaceURI())) {
if (strCreated == null) {
+ String valueType =
currentChildElement.getAttribute("ValueType");
+ if (bspCompliant && valueType != null &&
!"".equals(valueType)) {
+ // We can't have a ValueType attribute as per the
BSP spec
+ throw new WSSecurityException(
+ WSSecurityException.INVALID_SECURITY,
"invalidTimestamp"
+ );
+ }
strCreated =
((Text)currentChildElement.getFirstChild()).getData();
} else {
+ // Test for multiple Created elements
throw new WSSecurityException(
WSSecurityException.INVALID_SECURITY,
"invalidTimestamp"
);
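Review bot: The added ValueType check validates the attribute, but the text extraction directly after it, `((Text)currentChildElement.getFirstChild()).getData()`, is still unguarded in the visible lines. An empty `wsu:Created` element or one whose first child is not a text node would presumably surface as a NullPointerException or ClassCastException rather than the `invalidTimestamp` WSSecurityException. A guard such as `if (!(currentChildElement.getFirstChild() instanceof Text)) { throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "invalidTimestamp"); }` before the assignment would keep malformed input on the documented error path. The same applies to the Expires branch in the next hunk. In the new condition `valueType != null` is redundant if the DOM implementation follows the spec, since `getAttribute` returns an empty string for a missing attribute.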
@@ -87,19 +107,46 @@ public class Timestamp {
} else if
(WSConstants.EXPIRES_LN.equals(currentChild.getLocalName()) &&
WSConstants.WSU_NS.equals(currentChild.getNamespaceURI())) {
if (strExpires == null) {
+ String valueType =
currentChildElement.getAttribute("ValueType");
+ if (bspCompliant && valueType != null &&
!"".equals(valueType)) {
+ // We can't have a ValueType attribute as per the
BSP spec
+ throw new WSSecurityException(
+ WSSecurityException.INVALID_SECURITY,
"invalidTimestamp"
+ );
+ }
strExpires =
((Text)currentChildElement.getFirstChild()).getData();
- } else {
+ } else if (strExpires != null || (bspCompliant &&
strCreated == null)) {
+ //
+ // Created must appear before Expires, and we can't
have multiple
+ // Expires elements
+ //
throw new WSSecurityException(
WSSecurityException.INVALID_SECURITY,
"invalidTimestamp"
);
}
} else {
+ if (bspCompliant) {
+ throw new WSSecurityException(
+ WSSecurityException.INVALID_SECURITY,
"invalidTimestamp"
+ );
+ }
customElements.add(currentChildElement);
}
}
}
+
+ // We must have a Created element
+ if (bspCompliant && strCreated == null) {
+ throw new WSSecurityException(
+ WSSecurityException.INVALID_SECURITY, "invalidTimestamp"
+ );
+ }
+ // Parse the dates
DateFormat zulu = new XmlSchemaDateFormat();
+ if (bspCompliant) {
+ zulu.setLenient(false);
+ }
try {
if (LOG.isDebugEnabled()) {
LOG.debug("Current time: " + zulu.format(new Date()));
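Review bot: The "Created must appear before Expires" rule cannot fire for a Timestamp whose first child is Expires. On that element `strExpires == null` holds, so the first branch assigns the value; the new `else if (strExpires != null || (bspCompliant && strCreated == null))` is only reached once `strExpires` is already set, which makes its second operand unreachable. Evaluating that condition as the first statement of the Expires branch, before the ValueType check and the assignment, would enforce both the ordering and the duplicate rule. As written, an Expires-then-Created Timestamp appears to pass the structural checks in BSP mode, so `testExpiresInFrontOfCreated` may be succeeding for a different reason. The enclosing loop starts outside the hunk.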
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java?rev=1068458&r1=1068457&r2=1068458&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java
Tue Feb 8 16:01:58 2011
@@ -144,11 +144,11 @@ public class SignatureProcessor implemen
publicKey = strParser.getPublicKey();
secretKey = strParser.getSecretKey();
- Credential credential = new Credential();
- credential.setPublicKey(publicKey);
- credential.setCertificates(certs);
- credential.setPrincipal(principal);
if (publicKey != null || certs != null) {
+ Credential credential = new Credential();
+ credential.setPublicKey(publicKey);
+ credential.setCertificates(certs);
+ credential.setPrincipal(principal);
validator.validate(credential);
}
}
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/TimestampProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/TimestampProcessor.java?rev=1068458&r1=1068457&r2=1068458&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/TimestampProcessor.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/TimestampProcessor.java
Tue Feb 8 16:01:58 2011
@@ -62,7 +62,7 @@ public class TimestampProcessor implemen
//
// Decode Timestamp, add the found time (created/expiry) to result
//
- Timestamp timestamp = new Timestamp(elem);
+ Timestamp timestamp = new Timestamp(elem, wsc.isWsiBSPCompliant());
Credential credential = new Credential();
credential.setTimestamp(timestamp);
validator.setWSSConfig(wsc);
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java?rev=1068458&r1=1068457&r2=1068458&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java
Tue Feb 8 16:01:58 2011
@@ -128,9 +128,6 @@ public class SignatureSTRParser implemen
}
secretKey = samlKi.getSecret();
principal = createPrincipalFromSAMLKeyInfo(samlKi,
assertion);
- if (secretKey != null && certs == null) {
-
((CustomTokenPrincipal)principal).setRequiresFurtherAuthentication(false);
- }
} else if (el.equals(WSSecurityEngine.ENCRYPTED_KEY)){
EncryptedKeyProcessor proc =
new EncryptedKeyProcessor();
@@ -142,7 +139,6 @@ public class SignatureSTRParser implemen
WSSecurityEngineResult.TAG_SECRET
);
principal = new
CustomTokenPrincipal(token.getAttribute("Id"));
-
((CustomTokenPrincipal)principal).setRequiresFurtherAuthentication(false);
} else {
String id = secRef.getReference().getURI();
secretKey = getSecretKeyFromToken(id, null, cb);
@@ -169,7 +165,6 @@ public class SignatureSTRParser implemen
secretKey =
(byte[])result.get(WSSecurityEngineResult.TAG_SECRET);
String id =
(String)result.get(WSSecurityEngineResult.TAG_ID);
principal = new CustomTokenPrincipal(id);
-
((CustomTokenPrincipal)principal).setRequiresFurtherAuthentication(false);
} else if (WSConstants.SCT == action) {
secretKey =
(byte[])result.get(WSSecurityEngineResult.TAG_SECRET);
SecurityContextToken sct =
@@ -204,9 +199,6 @@ public class SignatureSTRParser implemen
secretKey = keyInfo.getSecret();
publicKey = keyInfo.getPublicKey();
principal = createPrincipalFromSAMLKeyInfo(keyInfo,
assertion);
- if (secretKey != null && certs == null && publicKey ==
null) {
-
((CustomTokenPrincipal)principal).setRequiresFurtherAuthentication(false);
- }
}
}
} else if (secRef.containsX509Data() ||
secRef.containsX509IssuerSerial()) {
@@ -234,9 +226,6 @@ public class SignatureSTRParser implemen
secretKey = samlKi.getSecret();
publicKey = samlKi.getPublicKey();
principal = createPrincipalFromSAMLKeyInfo(samlKi, assertion);
- if (secretKey != null && certs == null && publicKey == null) {
-
((CustomTokenPrincipal)principal).setRequiresFurtherAuthentication(false);
- }
} else {
X509Certificate[] foundCerts = secRef.getKeyIdentifier(crypto);
if (foundCerts != null) {
Modified:
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/util/XmlSchemaDateFormat.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/util/XmlSchemaDateFormat.java?rev=1068458&r1=1068457&r2=1068458&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/util/XmlSchemaDateFormat.java
(original)
+++
webservices/wss4j/trunk/src/main/java/org/apache/ws/security/util/XmlSchemaDateFormat.java
Tue Feb 8 16:01:58 2011
@@ -53,6 +53,11 @@ public class XmlSchemaDateFormat extends
static {
DATEFORMAT_XSD_ZULU.setTimeZone(TimeZone.getTimeZone("UTC"));
}
+
+ @Override
+ public void setLenient(boolean lenient) {
+ DATEFORMAT_XSD_ZULU.setLenient(lenient);
+ }
/**
* This method was snarfed from
<tt>org.apache.axis.encoding.ser.CalendarDeserializer</tt>,
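Review bot: `setLenient` writes to the static `DATEFORMAT_XSD_ZULU`, so the setting is shared by every `XmlSchemaDateFormat` instance rather than being per instance. Once `Timestamp` calls `zulu.setLenient(false)` for a BSP-compliant message, later non-BSP parsing becomes strict as well, and nothing visible switches it back. The call is also made outside the `synchronized (DATEFORMAT_XSD_ZULU)` block that guards `parse`, so it can race with a parse on another thread. Keeping the flag in an instance field and applying it under the lock, with `DATEFORMAT_XSD_ZULU.setLenient(this.lenient);` as the first statement inside the synchronized block, would confine the effect to the instance that asked for it.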
@@ -84,13 +89,9 @@ public class XmlSchemaDateFormat extends
}
// convert what we have validated so far
- try {
- synchronized (DATEFORMAT_XSD_ZULU) {
- date = DATEFORMAT_XSD_ZULU.parse((src == null) ? null
- : (src.substring(0, 19) + ".000Z"));
- }
- } catch (Exception e) {
- throw new NumberFormatException(e.toString());
+ synchronized (DATEFORMAT_XSD_ZULU) {
+ date = DATEFORMAT_XSD_ZULU.parse((src == null) ? null
+ : (src.substring(0, 19) + ".000Z"));
}
index = 19;
Modified:
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/TimestampTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/TimestampTest.java?rev=1068458&r1=1068457&r2=1068458&view=diff
==============================================================================
---
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/TimestampTest.java
(original)
+++
webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/TimestampTest.java
Tue Feb 8 16:01:58 2011
@@ -30,6 +30,7 @@ import org.apache.ws.security.common.SOA
import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.ws.security.util.XmlSchemaDateFormat;
+import org.apache.ws.security.validate.NoOpValidator;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -42,7 +43,6 @@ import java.util.List;
*/
public class TimestampTest extends org.junit.Assert {
private static final Log LOG = LogFactory.getLog(TimestampTest.class);
- private WSSecurityEngine secEngine = new WSSecurityEngine();
/**
* This is a test for processing a valid Timestamp.
@@ -276,7 +276,399 @@ public class TimestampTest extends org.j
}
}
+ /**
+ * This is a test for processing multiple Timestamps in the security header
+ */
+ @org.junit.Test
+ public void testMultipleTimestamps() throws Exception {
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ WSSecTimestamp timestamp = new WSSecTimestamp();
+ timestamp.setTimeToLive(300);
+ Document createdDoc = timestamp.build(doc, secHeader);
+
+ timestamp = new WSSecTimestamp();
+ timestamp.setTimeToLive(60);
+ createdDoc = timestamp.build(doc, secHeader);
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(createdDoc);
+ LOG.debug(outputString);
+ }
+
+ //
+ // Do some processing
+ //
+ WSSConfig wssConfig = WSSConfig.getNewInstance();
+ wssConfig.setWsiBSPCompliant(true);
+ try {
+ verify(createdDoc, wssConfig);
+ fail("Expected failure on multiple timestamps");
+ } catch (WSSecurityException ex) {
+ // expected
+ }
+
+ // Turn off BSP compliance and the test should pass
+ wssConfig.setWsiBSPCompliant(false);
+ verify(createdDoc, WSSConfig.getNewInstance());
+ }
+
+ /**
+ * This is a test for processing an Timestamp where it contains multiple
"Created" elements.
+ * This Timestamp should be rejected.
+ */
+ @org.junit.Test
+ public void testMultipleCreated() throws Exception {
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ Element timestampElement =
+ doc.createElementNS(
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" +
WSConstants.TIMESTAMP_TOKEN_LN
+ );
+ DateFormat zulu = new XmlSchemaDateFormat();
+ Element elementCreated =
+ doc.createElementNS(
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" +
WSConstants.CREATED_LN
+ );
+ Date createdDate = new Date();
+ long currentTime = createdDate.getTime() + 300000;
+ createdDate.setTime(currentTime);
+
elementCreated.appendChild(doc.createTextNode(zulu.format(createdDate)));
+ timestampElement.appendChild(elementCreated);
+ timestampElement.appendChild(elementCreated.cloneNode(true));
+
+ secHeader.getSecurityHeader().appendChild(timestampElement);
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+ //
+ // Do some processing
+ //
+ try {
+ verify(doc, WSSConfig.getNewInstance());
+ fail("The timestamp validation should have failed on multiple
Created elements");
+ } catch (WSSecurityException ex) {
+ // expected
+ }
+ }
+
+ /**
+ * This is a test for processing an Timestamp where it contains no
"Created" element.
+ * This Timestamp should be rejected.
+ */
+ @org.junit.Test
+ public void testNoCreated() throws Exception {
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ Element timestampElement =
+ doc.createElementNS(
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" +
WSConstants.TIMESTAMP_TOKEN_LN
+ );
+
+ DateFormat zulu = new XmlSchemaDateFormat();
+ Element elementCreated =
+ doc.createElementNS(
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" +
WSConstants.EXPIRES_LN
+ );
+ Date createdDate = new Date();
+ long currentTime = createdDate.getTime() + 300000;
+ createdDate.setTime(currentTime);
+
elementCreated.appendChild(doc.createTextNode(zulu.format(createdDate)));
+ timestampElement.appendChild(elementCreated);
+
+ secHeader.getSecurityHeader().appendChild(timestampElement);
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+ //
+ // Do some processing
+ //
+ WSSConfig wssConfig = WSSConfig.getNewInstance();
+ wssConfig.setWsiBSPCompliant(true);
+ try {
+ verify(doc, wssConfig);
+ fail("The timestamp validation should have failed on no Created
element");
+ } catch (WSSecurityException ex) {
+ // expected
+ }
+ }
+
+ /**
+ * This is a test for processing an Timestamp where it contains multiple
"Expires" elements.
+ * This Timestamp should be rejected.
+ */
+ @org.junit.Test
+ public void testMultipleExpires() throws Exception {
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ Element timestampElement =
+ doc.createElementNS(
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" +
WSConstants.TIMESTAMP_TOKEN_LN
+ );
+
+ DateFormat zulu = new XmlSchemaDateFormat();
+ Element elementCreated =
+ doc.createElementNS(
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" +
WSConstants.EXPIRES_LN
+ );
+ Date createdDate = new Date();
+ long currentTime = createdDate.getTime() + 300000;
+ createdDate.setTime(currentTime);
+
elementCreated.appendChild(doc.createTextNode(zulu.format(createdDate)));
+ timestampElement.appendChild(elementCreated);
+ timestampElement.appendChild(elementCreated.cloneNode(true));
+
+ secHeader.getSecurityHeader().appendChild(timestampElement);
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+ //
+ // Do some processing
+ //
+ try {
+ verify(doc, WSSConfig.getNewInstance());
+ fail("The timestamp validation should have failed on multiple
Expires elements");
+ } catch (WSSecurityException ex) {
+ // expected
+ }
+ }
+
+ /**
+ * This is a test for processing an Timestamp where it contains an
"Expires" element before
+ * the Created element. This Timestamp should be rejected as per the BSP
spec.
+ */
+ @org.junit.Test
+ public void testExpiresInFrontOfCreated() throws Exception {
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ Element timestampElement =
+ doc.createElementNS(
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" +
WSConstants.TIMESTAMP_TOKEN_LN
+ );
+
+ DateFormat zulu = new XmlSchemaDateFormat();
+ Element elementCreated =
+ doc.createElementNS(
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" +
WSConstants.EXPIRES_LN
+ );
+ Date createdDate = new Date();
+ long currentTime = createdDate.getTime() + 300000;
+ createdDate.setTime(currentTime);
+
elementCreated.appendChild(doc.createTextNode(zulu.format(createdDate)));
+ timestampElement.appendChild(elementCreated);
+
+ Element elementExpires =
+ doc.createElementNS(
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" +
WSConstants.CREATED_LN
+ );
+
elementExpires.appendChild(doc.createTextNode(zulu.format(createdDate)));
+ timestampElement.appendChild(elementExpires);
+
+ secHeader.getSecurityHeader().appendChild(timestampElement);
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+ //
+ // Do some processing
+ //
+ WSSConfig wssConfig = WSSConfig.getNewInstance();
+ wssConfig.setWsiBSPCompliant(true);
+ try {
+ verify(doc, wssConfig);
+ fail("The timestamp validation should have failed");
+ } catch (WSSecurityException ex) {
+ // expected
+ }
+ }
+
+
+ /**
+ * This is a test for processing an Timestamp where it contains a Created
element with
+ * seconds > 60. This should be rejected as per the BSP spec.
+ */
+ @org.junit.Test
+ public void testCreatedSeconds() throws Exception {
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ Element timestampElement =
+ doc.createElementNS(
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" +
WSConstants.TIMESTAMP_TOKEN_LN
+ );
+
+ Element elementCreated =
+ doc.createElementNS(
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" +
WSConstants.CREATED_LN
+ );
+
elementCreated.appendChild(doc.createTextNode("2011-02-08T13:13:84.535Z"));
+ timestampElement.appendChild(elementCreated);
+
+ secHeader.getSecurityHeader().appendChild(timestampElement);
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+ //
+ // Do some processing - disable the validator to make sure that the
Timestamp processor
+ // is rejecting the Timestamp
+ //
+ WSSConfig wssConfig = WSSConfig.getNewInstance();
+ wssConfig.setWsiBSPCompliant(true);
+ wssConfig.setValidator(WSSecurityEngine.TIMESTAMP, new
NoOpValidator());
+ try {
+ verify(doc, wssConfig);
+ fail("The timestamp validation should have failed");
+ } catch (WSSecurityException ex) {
+ assert ex.getMessage().contains("Unparseable date");
+ }
+ }
+
+
+ /**
+ * This is a test for processing an Timestamp where it contains a Created
element with
+ * a ValueType. This should be rejected as per the BSP spec.
+ */
+ @org.junit.Test
+ public void testCreatedValueType() throws Exception {
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ Element timestampElement =
+ doc.createElementNS(
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" +
WSConstants.TIMESTAMP_TOKEN_LN
+ );
+
+ DateFormat zulu = new XmlSchemaDateFormat();
+ Element elementCreated =
+ doc.createElementNS(
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" +
WSConstants.CREATED_LN
+ );
+ Date createdDate = new Date();
+ long currentTime = createdDate.getTime() + 300000;
+ createdDate.setTime(currentTime);
+
elementCreated.appendChild(doc.createTextNode(zulu.format(createdDate)));
+ elementCreated.setAttributeNS(null, "ValueType",
WSConstants.WSS_SAML_KI_VALUE_TYPE);
+ timestampElement.appendChild(elementCreated);
+
+ secHeader.getSecurityHeader().appendChild(timestampElement);
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+ //
+ // Do some processing
+ //
+ WSSConfig wssConfig = WSSConfig.getNewInstance();
+ wssConfig.setWsiBSPCompliant(true);
+ wssConfig.setValidator(WSSecurityEngine.TIMESTAMP, new
NoOpValidator());
+ try {
+ verify(doc, wssConfig);
+ fail("The timestamp validation should have failed");
+ } catch (WSSecurityException ex) {
+ //
+ }
+
+ // Now it should pass...
+ wssConfig.setWsiBSPCompliant(false);
+ verify(doc, wssConfig);
+ }
+
+
+
+ /**
+ * This is a test for processing an Timestamp where it contains a
CustomElement. This should
+ * be rejected as per the BSP spec.
+ */
+ @org.junit.Test
+ public void testCustomElement() throws Exception {
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ Element timestampElement =
+ doc.createElementNS(
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" +
WSConstants.TIMESTAMP_TOKEN_LN
+ );
+
+ DateFormat zulu = new XmlSchemaDateFormat();
+ Element elementCreated =
+ doc.createElementNS(
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" +
WSConstants.EXPIRES_LN
+ );
+ Date createdDate = new Date();
+ long currentTime = createdDate.getTime() + 300000;
+ createdDate.setTime(currentTime);
+
elementCreated.appendChild(doc.createTextNode(zulu.format(createdDate)));
+ timestampElement.appendChild(elementCreated);
+
+ Element elementCustom =
+ doc.createElementNS(
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":" + "Custom"
+ );
+ timestampElement.appendChild(elementCustom);
+
+ secHeader.getSecurityHeader().appendChild(timestampElement);
+
+ if (LOG.isDebugEnabled()) {
+ String outputString =
+
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+ //
+ // Do some processing
+ //
+ WSSConfig wssConfig = WSSConfig.getNewInstance();
+ wssConfig.setWsiBSPCompliant(true);
+ try {
+ verify(doc, wssConfig);
+ fail("The timestamp validation should have failed");
+ } catch (WSSecurityException ex) {
+ //
+ }
+
+ // Now it should pass...
+ wssConfig.setWsiBSPCompliant(false);
+ verify(doc, wssConfig);
+ }
+
/**
* Verifies the soap envelope
*
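Review bot: In `testCreatedSeconds` the catch block uses the Java `assert` statement, which is skipped unless the JVM runs with `-ea`, so the check on the exception message may never execute. Since the class extends `org.junit.Assert`, `assertTrue(ex.getMessage().contains("Unparseable date"));` is available. In `testMultipleTimestamps` the non-BSP pass calls `verify(createdDoc, WSSConfig.getNewInstance())` right after `wssConfig.setWsiBSPCompliant(false)`, so the flag just cleared is not the one tested; `verify(createdDoc, wssConfig);` would exercise it. `testExpiresInFrontOfCreated` stores the Expires element in `elementCreated` and the Created element in `elementExpires`, which makes the intended ordering hard to follow. Its failure message should name the rule being checked.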
@@ -287,6 +679,7 @@ public class TimestampTest extends org.j
private List<WSSecurityEngineResult> verify(
Document doc, WSSConfig wssConfig
) throws Exception {
+ WSSecurityEngine secEngine = new WSSecurityEngine();
secEngine.setWssConfig(wssConfig);
return secEngine.processSecurityHeader(doc, null, null, null);
}