
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.ws.security.validate;
21  
22  
23  import org.apache.ws.security.WSSConfig;
24  import org.apache.ws.security.WSSecurityException;
25  import org.apache.ws.security.handler.RequestData;
26  import org.apache.ws.security.message.token.Timestamp;
27  
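/**
 * Validates the freshness of a processed {@link Timestamp}, extracted from the Credential
 * passed to the validate method.
 *
 * <p>The limits applied are not fixed in this class: they are read from the
 * {@link WSSConfig} attached to the request, so the acceptance window for a message is
 * whatever that configuration returns.
 */
public class TimestampValidator implements Validator {

    /**
     * Validate the credential argument. It must contain a non-null Timestamp.
     *
     * <p>Validation fails when strict mode is enabled and {@code Timestamp.isExpired()}
     * returns true, or when {@code Timestamp.verifyCreated(ttl, futureTtl)} returns false.
     * With strict mode disabled, {@code isExpired()} is never consulted, so only
     * {@code verifyCreated} limits which timestamps are accepted.
     *
     * @param credential the Credential to be validated
     * @param data the RequestData associated with the request; it is dereferenced
     *             without a null check and must carry a non-null WSSConfig
     * @return the credential that was passed in, unchanged, when validation succeeds
     * @throws WSSecurityException if the credential or its Timestamp is missing, if the
     *         request has no WSSConfig, or if the Timestamp fails the freshness checks
     */
    public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
        // Read the Timestamp once so the object that was null-checked is the one validated.
        final Timestamp timeStamp = (credential == null) ? null : credential.getTimestamp();
        if (timeStamp == null) {
            throw new WSSecurityException(WSSecurityException.FAILURE, "noCredential");
        }

        // A missing configuration is a hard failure. No built-in defaults are applied,
        // so the limits below always come from the WSSConfig.
        final WSSConfig wssConfig = data.getWssConfig();
        if (wssConfig == null) {
            throw new WSSecurityException("WSSConfig cannot be null");
        }

        final boolean timeStampStrict = wssConfig.isTimeStampStrict();
        // NOTE(review): both values look like second counts - confirm against WSSConfig.
        final int timeStampTTL = wssConfig.getTimeStampTTL();
        final int futureTimeToLive = wssConfig.getTimeStampFutureTTL();

        // Validate whether the security semantics have expired. The expiry check is
        // skipped when strict mode is off; verifyCreated is always evaluated in that case.
        if ((timeStampStrict && timeStamp.isExpired())
            || !timeStamp.verifyCreated(timeStampTTL, futureTimeToLive)) {
            throw new WSSecurityException(
                WSSecurityException.MESSAGE_EXPIRED,
                "invalidTimestamp",
                new Object[] {"The security semantics of the message have expired"}
            );
        }
        return credential;
    }

}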