1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.wss4j.dom.validate;
21  
22  
23  import org.apache.wss4j.common.ext.WSSecurityException;
24  import org.apache.wss4j.dom.handler.RequestData;
25  import org.apache.wss4j.dom.message.token.Timestamp;
26  
27  /**
28   * This class validates a processed Timestamp, extracted from the Credential passed to
29   * the validate method.
30   */
public class TimestampValidator implements Validator {

    // Identifier passed as the second WSSecurityException argument for every
    // timestamp-specific rejection raised by validate().
    private static final String INVALID_TIMESTAMP = "invalidTimestamp";

    /**
     * Checks the Timestamp carried by the supplied Credential against the freshness
     * settings read from the RequestData.
     *
     * <p>Checks run in this order, and the first failure is the one reported:
     * <ol>
     *   <li>the credential and its Timestamp must be non-null;</li>
     *   <li>{@code data.getWssConfig()} must be non-null;</li>
     *   <li>if {@code data.isTimeStampStrict()} is true, the Timestamp must not be expired;</li>
     *   <li>{@code Timestamp.verifyCreated} must accept the configured TTL and future TTL;</li>
     *   <li>if {@code data.isRequireTimestampExpires()} is true, an Expires value must be
     *       present.</li>
     * </ol>
     *
     * <p>Security note: with strict mode off the expiry check is skipped, so the Created
     * check is the only freshness bound this method applies. Unless Expires is explicitly
     * required, a Timestamp without an Expires value passes the presence check; how
     * {@code isExpired()} treats a missing Expires is not visible here - confirm in Timestamp.
     *
     * @param credential the Credential to be validated; must carry a non-null Timestamp
     * @param data the RequestData associated with the request; dereferenced without a null
     *        check, so a null value surfaces as a NullPointerException
     * @return the same {@code credential} instance that was passed in, once every check passed
     * @throws WSSecurityException on a failed validation
     */
    public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
        final boolean timestampMissing = credential == null || credential.getTimestamp() == null;
        if (timestampMissing) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
        }

        // Only the presence of the WSSConfig is checked; nothing is read from it in this method.
        if (null == data.getWssConfig()) {
            final Object[] detail = {"WSSConfig cannot be null"};
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", detail);
        }

        // Read the freshness settings before touching the Timestamp.
        final boolean strict = data.isTimeStampStrict();
        final int ttl = data.getTimeStampTTL();
        final int futureTtl = data.getTimeStampFutureTTL();

        final Timestamp received = credential.getTimestamp();

        // Expiry is enforced only in strict mode; isExpired() is not consulted otherwise.
        if (strict && received.isExpired()) {
            final Object[] detail = {"The message timestamp has expired"};
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.MESSAGE_EXPIRED, INVALID_TIMESTAMP, detail);
        }

        // The Created check is unconditional, whatever the strict setting is.
        final boolean createdInRange = received.verifyCreated(ttl, futureTtl);
        if (!createdInRange) {
            final Object[] detail = {"The message timestamp is out of range"};
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.MESSAGE_EXPIRED, INVALID_TIMESTAMP, detail);
        }

        // An Expires value is demanded only when the request configuration asks for it.
        if (data.isRequireTimestampExpires() && received.getExpires() == null) {
            final Object[] detail = {"The received Timestamp does not contain an expires Element"};
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.SECURITY_ERROR, INVALID_TIMESTAMP, detail);
        }

        return credential;
    }

}