20 package org.apache.wss4j.dom.validate;
21
22
23 import org.apache.wss4j.common.ext.WSSecurityException;
24 import org.apache.wss4j.dom.handler.RequestData;
25 import org.apache.wss4j.dom.message.token.Timestamp;
26
27
28
29
30
/**
 * Validates the freshness of a received {@link Timestamp} carried by a
 * {@link Credential}, using the timestamp settings held in {@link RequestData}.
 *
 * <p>Only the checks in {@link #validate(Credential, RequestData)} are performed
 * by this class. NOTE(review): nothing here verifies that the Timestamp was
 * covered by a signature or has not been seen before; confirm those controls are
 * enforced elsewhere in the processing chain.
 */
public class TimestampValidator implements Validator {

    /**
     * Checks the credential's Timestamp and returns the credential unchanged when
     * every enabled check passes.
     *
     * <p>Checks, in order:
     * <ol>
     *   <li>a credential with a non-null Timestamp is present;</li>
     *   <li>{@code data.getWssConfig()} is non-null (the value itself is not used
     *       here);</li>
     *   <li>if {@code data.isTimeStampStrict()} is set, the Timestamp must not be
     *       expired;</li>
     *   <li>{@code Timestamp.verifyCreated} must accept the configured TTL and
     *       future TTL;</li>
     *   <li>if {@code data.isRequireTimestampExpires()} is set, an Expires value
     *       must be present.</li>
     * </ol>
     *
     * <p>Security note: with strict mode off the expiry check is skipped, so an
     * expired Timestamp is accepted as long as the Created check passes. With
     * {@code isRequireTimestampExpires()} off, a Timestamp that has no Expires
     * value is not rejected by this method.
     *
     * @param credential the credential holding the Timestamp to check
     * @param data per-request configuration; dereferenced without a null check,
     *        so it must not be null
     * @return the same {@code credential} instance that was passed in
     * @throws WSSecurityException with {@code FAILURE} when the credential,
     *         its Timestamp or the WSSConfig is missing; with
     *         {@code MESSAGE_EXPIRED} when the Timestamp is expired (strict mode)
     *         or the Created check fails; with {@code SECURITY_ERROR} when Expires
     *         is required but absent
     */
    public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
        final boolean timestampPresent = credential != null && credential.getTimestamp() != null;
        if (!timestampPresent) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
        }
        if (data.getWssConfig() == null) {
            final Object[] detail = {"WSSConfig cannot be null"};
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", detail);
        }

        // Read all three settings up front, before the Timestamp is touched.
        final boolean strictMode = data.isTimeStampStrict();
        final int createdTtl = data.getTimeStampTTL();       // units not visible here
        final int futureTtl = data.getTimeStampFutureTTL();  // units not visible here

        final Timestamp received = credential.getTimestamp();

        // Expiry is enforced only in strict mode.
        if (strictMode) {
            if (received.isExpired()) {
                final Object[] detail = {"The message timestamp has expired"};
                throw new WSSecurityException(
                    WSSecurityException.ErrorCode.MESSAGE_EXPIRED, "invalidTimestamp", detail);
            }
        }

        // The Created check always runs, regardless of strict mode.
        // Presumably bounds Created by the TTL and the future tolerance; see Timestamp.
        final boolean createdAccepted = received.verifyCreated(createdTtl, futureTtl);
        if (!createdAccepted) {
            final Object[] detail = {"The message timestamp is out of range"};
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.MESSAGE_EXPIRED, "invalidTimestamp", detail);
        }

        // Optional policy: refuse a Timestamp that carries no Expires value.
        if (data.isRequireTimestampExpires()) {
            if (received.getExpires() == null) {
                final Object[] detail = {"The received Timestamp does not contain an expires Element"};
                throw new WSSecurityException(
                    WSSecurityException.ErrorCode.SECURITY_ERROR, "invalidTimestamp", detail);
            }
        }
        return credential;
    }

}