Author: darran.lofthouse(a)jboss.com
Date: 2008-04-11 12:41:01 -0400 (Fri, 11 Apr 2008)
New Revision: 6366
Added:
stack/native/branches/dlofthouse/JBWS-1316/src/main/java/org/jboss/ws/metadata/wsse/TimestampVerification.java
stack/native/branches/dlofthouse/JBWS-1316/src/test/java/org/jboss/test/ws/jaxrpc/jbws1316/
stack/native/branches/dlofthouse/JBWS-1316/src/test/java/org/jboss/test/ws/jaxrpc/jbws1316/JBWS1316ConfigurationTestCase.java
stack/native/branches/dlofthouse/JBWS-1316/src/test/resources/jaxrpc/jbws1316/
stack/native/branches/dlofthouse/JBWS-1316/src/test/resources/jaxrpc/jbws1316/config/
stack/native/branches/dlofthouse/JBWS-1316/src/test/resources/jaxrpc/jbws1316/config/jboss-wsse-empty-tv.xml
stack/native/branches/dlofthouse/JBWS-1316/src/test/resources/jaxrpc/jbws1316/config/jboss-wsse-full-tv.xml
stack/native/branches/dlofthouse/JBWS-1316/src/test/resources/jaxrpc/jbws1316/config/jboss-wsse-no-tv.xml
Modified:
stack/native/branches/dlofthouse/JBWS-1316/.classpath
stack/native/branches/dlofthouse/JBWS-1316/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityConfiguration.java
stack/native/branches/dlofthouse/JBWS-1316/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java
stack/native/branches/dlofthouse/JBWS-1316/src/main/resources/schema/jboss-ws-security_1_0.xsd
Log:
Add timestamp-verification element to wsse configuration and test case to verify.
Modified: stack/native/branches/dlofthouse/JBWS-1316/.classpath
===================================================================
--- stack/native/branches/dlofthouse/JBWS-1316/.classpath 2008-04-11 16:36:30 UTC (rev
6365)
+++ stack/native/branches/dlofthouse/JBWS-1316/.classpath 2008-04-11 16:41:01 UTC (rev
6366)
@@ -13,6 +13,7 @@
<classpathentry kind="lib" path="thirdparty/jaxb-xjc.jar"/>
<classpathentry kind="lib"
path="thirdparty/jboss-common-core.jar"/>
<classpathentry kind="lib"
path="thirdparty/jboss-dependency.jar"/>
+ <classpathentry kind="lib"
path="thirdparty/jboss-javaee.jar"/>
<classpathentry kind="lib" path="thirdparty/jboss-j2ee.jar"/>
<classpathentry kind="lib"
path="thirdparty/jboss-logging-spi.jar"/>
<classpathentry kind="lib"
path="thirdparty/jboss-microcontainer.jar"/>
Added:
stack/native/branches/dlofthouse/JBWS-1316/src/main/java/org/jboss/ws/metadata/wsse/TimestampVerification.java
===================================================================
---
stack/native/branches/dlofthouse/JBWS-1316/src/main/java/org/jboss/ws/metadata/wsse/TimestampVerification.java
(rev 0)
+++
stack/native/branches/dlofthouse/JBWS-1316/src/main/java/org/jboss/ws/metadata/wsse/TimestampVerification.java 2008-04-11
16:41:01 UTC (rev 6366)
@@ -0,0 +1,94 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2008, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+
+package org.jboss.ws.metadata.wsse;
+
+import java.io.Serializable;
+
+/**
+ * Represents the "timestamp-verification" tag.
+ *
+ * @author <a href="mailto:darran.lofthouse@jboss.com">Darran
Lofthouse</a>
+ * @version $Revision$
+ */
+public class TimestampVerification implements Serializable
+{
+
+ private static final long serialVersionUID = -1097288149565604697L;
+
+ private long createdTolerance;
+
+ private boolean warnCreated;
+
+ private long expiresTolerance;
+
+ private boolean warnExpires;
+
+ public TimestampVerification(long createdTolerance, boolean warnCreated, long
expiresTolerance, boolean warnExpires)
+ {
+ this.createdTolerance = createdTolerance;
+ this.warnCreated = warnCreated;
+ this.expiresTolerance = expiresTolerance;
+ this.warnExpires = warnExpires;
+ }
+
+ public long getCreatedTolerance()
+ {
+ return createdTolerance;
+ }
+
+ public void setCreatedTolerance(long createdTolerance)
+ {
+ this.createdTolerance = createdTolerance;
+ }
+
+ public boolean isWarnCreated()
+ {
+ return warnCreated;
+ }
+
+ public void setWarnCreated(boolean warnCreated)
+ {
+ this.warnCreated = warnCreated;
+ }
+
+ public long getExpiresTolerance()
+ {
+ return expiresTolerance;
+ }
+
+ public void setExpiresTolerance(long expiresTolerance)
+ {
+ this.expiresTolerance = expiresTolerance;
+ }
+
+ public boolean isWarnExpires()
+ {
+ return warnExpires;
+ }
+
+ public void setWarnExpires(boolean warnExpires)
+ {
+ this.warnExpires = warnExpires;
+ }
+
+}
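Review bot: The constructor and the two tolerance setters store any `long`, so a negative `createdTolerance` or `expiresTolerance` is accepted silently; the parser hunk in WSSecurityOMFactory passes the attribute value straight through and the schema types both attributes as `xs:long`, so nothing upstream rejects it either. How the verifier treats a negative tolerance is not visible in this commit, so I would pin the contract here with `if (createdTolerance < 0 || expiresTolerance < 0) throw new IllegalArgumentException("tolerances must not be negative");` in the constructor and the same check in both setters. The fields also have no Javadoc and the unit (seconds) is stated only in the XSD; a comment such as `/** Seconds a 'created' value may lie in the future and still be accepted. */` on `createdTolerance`, with a matching one on `expiresTolerance`, would stop callers guessing.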
Property changes on:
stack/native/branches/dlofthouse/JBWS-1316/src/main/java/org/jboss/ws/metadata/wsse/TimestampVerification.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Modified:
stack/native/branches/dlofthouse/JBWS-1316/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityConfiguration.java
===================================================================
---
stack/native/branches/dlofthouse/JBWS-1316/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityConfiguration.java 2008-04-11
16:36:30 UTC (rev 6365)
+++
stack/native/branches/dlofthouse/JBWS-1316/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityConfiguration.java 2008-04-11
16:41:01 UTC (rev 6366)
@@ -47,6 +47,7 @@
private String trustStorePassword;
private HashMap<String, String> keyPasswords = new HashMap<String,
String>();
private String nonceFactory;
+ private TimestampVerification timestampVerification;
public WSSecurityConfiguration()
{
@@ -176,4 +177,15 @@
{
this.nonceFactory = nonceFactory;
}
+
+ public TimestampVerification getTimestampVerification()
+ {
+ return timestampVerification;
+ }
+
+ public void setTimestampVerification(TimestampVerification timestampVerification)
+ {
+ this.timestampVerification = timestampVerification;
+ }
+
}
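Review bot: `getTimestampVerification()` can return null and nothing on the accessor says so: the field added in the first hunk of this file has no initialiser, and `testLoadNoTimestampVerification` in this commit asserts null for a descriptor without the element. Code that enforces the timestamp window needs to know that null means "not configured" rather than "zero tolerance", so I would add Javadoc such as `@return the timestamp-verification settings, or null when the descriptor does not contain the element`. The class body starts outside this hunk.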
Modified:
stack/native/branches/dlofthouse/JBWS-1316/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java
===================================================================
---
stack/native/branches/dlofthouse/JBWS-1316/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java 2008-04-11
16:36:30 UTC (rev 6365)
+++
stack/native/branches/dlofthouse/JBWS-1316/src/main/java/org/jboss/ws/metadata/wsse/WSSecurityOMFactory.java 2008-04-11
16:41:01 UTC (rev 6366)
@@ -179,6 +179,34 @@
{
return new Port(attrs.getValue("", "name"));
}
+ if ("timestamp-verification".equals(localName))
+ {
+ //By default, the createdTolerance should be '0'
+ Long createdTolerance = new Long(0);
+ String createdToleranceAttr = attrs.getValue("",
"createdTolerance");
+ if (createdToleranceAttr != null)
+ createdTolerance =
(Long)SimpleTypeBindings.unmarshal(SimpleTypeBindings.XS_LONG_NAME, createdToleranceAttr,
null);
+
+ //By default, we do log warnings if the tolerance is used.
+ Boolean warnCreated = new Boolean(true);
+ String warnCreatedAttr = attrs.getValue("", "warnCreated");
+ if (warnCreatedAttr != null)
+ warnCreated =
(Boolean)SimpleTypeBindings.unmarshal(SimpleTypeBindings.XS_BOOLEAN_NAME, warnCreatedAttr,
null);
+
+ //By default, the expiresTolerance should be '0'
+ Long expiresTolerance = new Long(0);
+ String expiresToleranceAttr = attrs.getValue("",
"expiresTolerance");
+ if (expiresToleranceAttr != null)
+ expiresTolerance =
(Long)SimpleTypeBindings.unmarshal(SimpleTypeBindings.XS_LONG_NAME, expiresToleranceAttr,
null);
+
+ //By default, we do log warnings if the tolerance is used.
+ Boolean warnExpires = new Boolean(true);
+ String warnExpiresAttr = attrs.getValue("", "warnExpires");
+ if (warnExpiresAttr != null)
+ warnExpires =
(Boolean)SimpleTypeBindings.unmarshal(SimpleTypeBindings.XS_BOOLEAN_NAME, warnExpiresAttr,
null);
+
+ return new TimestampVerification(createdTolerance, warnCreated,
expiresTolerance, warnExpires);
+ }
return null;
}
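Review bot: The four attribute blocks in the `timestamp-verification` branch repeat one pattern with boxed locals, and `new Long(0)` / `new Boolean(true)` allocate a wrapper each time only for it to be unboxed again by the `TimestampVerification(long, boolean, long, boolean)` constructor. `Long createdTolerance = Long.valueOf(0);` and `Boolean warnCreated = Boolean.TRUE;` (likewise for the expires pair) avoid the allocation. The `username` branch further down this file uses the same `new Boolean(true)` form, so this may be better done file-wide. The method containing this branch starts outside the hunk.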
@@ -216,6 +244,16 @@
}
/**
+ * Called when parsing TimestampVerification is complete.
+ */
+ public void addChild(WSSecurityConfiguration configuration, TimestampVerification
timestampVerification, UnmarshallingContext navigator, String namespaceURI,
+ String localName)
+ {
+ log.trace("addChild: [obj=" + configuration + ",child=" +
timestampVerification + "]");
+ configuration.setTimestampVerification(timestampVerification);
+ }
+
+ /**
* Called when parsing of a new element started.
*/
public Object newChild(Config config, UnmarshallingContext navigator, String
namespaceURI, String localName, Attributes attrs)
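Review bot: The trace message in the new `addChild` concatenates `timestampVerification`, but the TimestampVerification class added in this commit defines no `toString()`, so the log shows only the default class-and-hash form and not the tolerances that were parsed. Since these values decide how far outside its timestamp window a message is still accepted, it helps to be able to read them back from the log: either add a `toString()` to TimestampVerification that prints the four values, or log them here, e.g. `log.trace("addChild: [obj=" + configuration + ",createdTolerance=" + timestampVerification.getCreatedTolerance() + ",expiresTolerance=" + timestampVerification.getExpiresTolerance() + "]");`. The hunk ends inside the signature of the following `newChild` method, which is otherwise unchanged.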
@@ -233,7 +271,8 @@
}
else if ("encrypt".equals(localName))
{
- return new Encrypt(attrs.getValue("", "type"),
attrs.getValue("", "alias"), attrs.getValue("",
"algorithm"), attrs.getValue("", "keyWrapAlgorithm"),
attrs.getValue("", "tokenReference"));
+ return new Encrypt(attrs.getValue("", "type"),
attrs.getValue("", "alias"), attrs.getValue("",
"algorithm"), attrs.getValue("", "keyWrapAlgorithm"), attrs
+ .getValue("", "tokenReference"));
}
else if ("timestamp".equals(localName))
{
@@ -250,19 +289,19 @@
String digestPasswordAttr = attrs.getValue("",
"digestPassword");
if (digestPasswordAttr != null)
digestPassword =
(Boolean)SimpleTypeBindings.unmarshal(SimpleTypeBindings.XS_BOOLEAN_NAME,
digestPasswordAttr, null);
-
+
//if password digest is enabled, we use nonces by default
Boolean useNonce = new Boolean(true);
String useNonceAttr = attrs.getValue("", "useNonce");
if (useNonceAttr != null)
useNonce =
(Boolean)SimpleTypeBindings.unmarshal(SimpleTypeBindings.XS_BOOLEAN_NAME, useNonceAttr,
null);
-
+
//if password digest is enabled, we use the created element by default
Boolean useCreated = new Boolean(true);
String useCreatedAttr = attrs.getValue("", "useCreated");
if (useCreatedAttr != null)
useCreated =
(Boolean)SimpleTypeBindings.unmarshal(SimpleTypeBindings.XS_BOOLEAN_NAME, useCreatedAttr,
null);
-
+
return new Username(digestPassword, useNonce, useCreated);
}
Modified:
stack/native/branches/dlofthouse/JBWS-1316/src/main/resources/schema/jboss-ws-security_1_0.xsd
===================================================================
---
stack/native/branches/dlofthouse/JBWS-1316/src/main/resources/schema/jboss-ws-security_1_0.xsd 2008-04-11
16:36:30 UTC (rev 6365)
+++
stack/native/branches/dlofthouse/JBWS-1316/src/main/resources/schema/jboss-ws-security_1_0.xsd 2008-04-11
16:41:01 UTC (rev 6366)
@@ -38,6 +38,11 @@
<xs:documentation>The passwords for the private keys in the keystore.
Only required if the passwords are different from that of the
keystore.</xs:documentation>
</xs:annotation>
</xs:element>
+ <xs:element name="timestamp-verification"
type="timestampVerificationType" minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>The tolerances and logging required when verifying
the 'created' and 'expires' value of the
timestamps.</xs:documentation>
+ </xs:annotation>
+ </xs:element>
<xs:element name="config" type="configType"
minOccurs="0">
<xs:annotation>
<xs:documentation>The default security configuration that is applied to
all operations on all ports. This is only used if there is no port/operation
config.</xs:documentation>
@@ -77,6 +82,28 @@
</xs:annotation>
</xs:attribute>
</xs:complexType>
+ <xs:complexType name="timestampVerificationType">
+ <xs:attribute name="createdTolerance" type="xs:long"
use="optional">
+ <xs:annotation>
+ <xs:documentation>The number of seconds in the future the created value on
a message will be accepted.</xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="warnCreated" type="xs:boolean"
use="optional">
+ <xs:annotation>
+ <xs:documentation>Specifies if a WARN should be logged if a message in the
future is accepted within the configured
'createdTolerance'.</xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="expiresTolerance" type="xs:long"
use="optional">
+ <xs:annotation>
+ <xs:documentation>The number of seconds tolerance when checking the expires
value of the timestamp.</xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ <xs:attribute name="warnExpires" type="xs:boolean"
use="optional">
+ <xs:annotation>
+ <xs:documentation>Specifies if a WARN should be logged if an expired
message is accepted that is within the
'expiresTolerance'.</xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+ </xs:complexType>
<xs:complexType name="configType" mixed="true">
<xs:all>
<xs:element name="timestamp" type="timestampType"
minOccurs="0">
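Review bot: The documentation on the four `timestampVerificationType` attributes omits the defaults the parser applies when an attribute is absent (tolerances `0`, both warn flags `true`, per the WSSecurityOMFactory hunk in this commit), and the `expiresTolerance` text does not say in which direction the tolerance applies. A non-zero `expiresTolerance` lengthens the period in which an expired message is still accepted, and `warnExpires="false"` removes the log entry for it, so both deserve to be spelled out for whoever edits the descriptor. For example: `The number of seconds after the 'expires' value during which a message is still accepted. Defaults to 0.` and `Defaults to true.` appended to the two warn attributes. The `configType` definition that follows continues outside the hunk.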
Added:
stack/native/branches/dlofthouse/JBWS-1316/src/test/java/org/jboss/test/ws/jaxrpc/jbws1316/JBWS1316ConfigurationTestCase.java
===================================================================
---
stack/native/branches/dlofthouse/JBWS-1316/src/test/java/org/jboss/test/ws/jaxrpc/jbws1316/JBWS1316ConfigurationTestCase.java
(rev 0)
+++
stack/native/branches/dlofthouse/JBWS-1316/src/test/java/org/jboss/test/ws/jaxrpc/jbws1316/JBWS1316ConfigurationTestCase.java 2008-04-11
16:41:01 UTC (rev 6366)
@@ -0,0 +1,102 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2008, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+
+package org.jboss.test.ws.jaxrpc.jbws1316;
+
+import java.io.File;
+import java.io.IOException;
+
+import org.jboss.ws.metadata.wsse.TimestampVerification;
+import org.jboss.ws.metadata.wsse.WSSecurityConfiguration;
+import org.jboss.ws.metadata.wsse.WSSecurityOMFactory;
+import org.jboss.wsf.test.JBossWSTest;
+
+/**
+ * Test case to test reading the TimestampVerification configuration.
+ *
+ * @author <a href="mailto:darran.lofthouse@jboss.com">Darran
Lofthouse</a>
+ * @version $Revision$
+ */
+public class JBWS1316ConfigurationTestCase extends JBossWSTest
+{
+
+ private WSSecurityConfiguration load(final String fileName) throws IOException
+ {
+ File configFile = new File("resources/jaxrpc/jbws1316/config/" +
fileName);
+ WSSecurityOMFactory factory = WSSecurityOMFactory.newInstance();
+
+ return factory.parse(configFile.toURL());
+ }
+
+ /**
+ * Test loading a wsse configuration with no timestamp-verification
+ * element.
+ *
+ * This test case verifies that no TimestampVerification will be set
+ * and matches the scenario that would be encountered when reading
+ * existing descriptors.
+ */
+ public void testLoadNoTimestampVerification() throws Exception
+ {
+ WSSecurityConfiguration config = load("jboss-wsse-no-tv.xml");
+ assertNull("No TimestampVerification expected.",
config.getTimestampVerification());
+ }
+
+ /**
+ * Test loading a wsse configuration with an empty timestamp-verification
+ * element.
+ *
+ * This test case verifies the default values that will be used when missing from
+ * the timestamp-verification element.
+ */
+ public void testLoadEmptyTimestampVerification() throws Exception
+ {
+ WSSecurityConfiguration config = load("jboss-wsse-empty-tv.xml");
+ assertNotNull("TimestampVerification Missing",
config.getTimestampVerification());
+
+ TimestampVerification tv = config.getTimestampVerification();
+ assertEquals("Expected 'createdTolerance' to be '0'", 0,
tv.getCreatedTolerance());
+ assertTrue("Expected 'warnCreated' to default to 'true'",
tv.isWarnCreated());
+ assertEquals("Expected 'expiresTolerance' to be '0'", 0,
tv.getExpiresTolerance());
+ assertTrue("Expected 'warnExpires' to default to 'true'",
tv.isWarnExpires());
+ }
+
+ /**
+ * Test loading a wsse configuration with a full timestamp-verification
+ * element.
+ *
+ * This test case verifies all the values are correctly loaded from the
+ * timestamp-verification element.
+ */
+ public void testLoadFullTimestampVerification() throws Exception
+ {
+ WSSecurityConfiguration config = load("jboss-wsse-full-tv.xml");
+ assertNotNull("TimestampVerification Missing",
config.getTimestampVerification());
+
+ TimestampVerification tv = config.getTimestampVerification();
+ assertEquals("Expected 'createdTolerance' to be '5'", 5,
tv.getCreatedTolerance());
+ assertFalse("Expected 'warnCreated' to default to
'false'", tv.isWarnCreated());
+ assertEquals("Expected 'expiresTolerance' to be '10'",
10, tv.getExpiresTolerance());
+ assertFalse("Expected 'warnExpires' to default to
'false'", tv.isWarnExpires());
+ }
+
+}
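Review bot: The assertion messages in `testLoadFullTimestampVerification` say `to default to 'false'` for `warnCreated` and `warnExpires`, but jboss-wsse-full-tv.xml sets both attributes explicitly, so a failure would report the wrong cause; `"Expected 'warnCreated' to be 'false'"` would match the wording of the `createdTolerance` assertion above it. The three fixtures cover only an absent, an empty and a well-formed element, so nothing pins what the parser does with a negative or non-numeric tolerance; a fourth descriptor with such a value would fix that behaviour in place. `configFile.toURL()` in `load` does not escape characters in the path, and `configFile.toURI().toURL()` is the usual replacement.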
Property changes on:
stack/native/branches/dlofthouse/JBWS-1316/src/test/java/org/jboss/test/ws/jaxrpc/jbws1316/JBWS1316ConfigurationTestCase.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Added:
stack/native/branches/dlofthouse/JBWS-1316/src/test/resources/jaxrpc/jbws1316/config/jboss-wsse-empty-tv.xml
===================================================================
---
stack/native/branches/dlofthouse/JBWS-1316/src/test/resources/jaxrpc/jbws1316/config/jboss-wsse-empty-tv.xml
(rev 0)
+++
stack/native/branches/dlofthouse/JBWS-1316/src/test/resources/jaxrpc/jbws1316/config/jboss-wsse-empty-tv.xml 2008-04-11
16:41:01 UTC (rev 6366)
@@ -0,0 +1,5 @@
+<jboss-ws-security
xmlns='http://www.jboss.com/ws-security/config'
+
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
+
xsi:schemaLocation='http://www.jboss.com/ws-security/config
http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd'>
+ <timestamp-verification/>
+</jboss-ws-security>
\ No newline at end of file
Property changes on:
stack/native/branches/dlofthouse/JBWS-1316/src/test/resources/jaxrpc/jbws1316/config/jboss-wsse-empty-tv.xml
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Added:
stack/native/branches/dlofthouse/JBWS-1316/src/test/resources/jaxrpc/jbws1316/config/jboss-wsse-full-tv.xml
===================================================================
---
stack/native/branches/dlofthouse/JBWS-1316/src/test/resources/jaxrpc/jbws1316/config/jboss-wsse-full-tv.xml
(rev 0)
+++
stack/native/branches/dlofthouse/JBWS-1316/src/test/resources/jaxrpc/jbws1316/config/jboss-wsse-full-tv.xml 2008-04-11
16:41:01 UTC (rev 6366)
@@ -0,0 +1,5 @@
+<jboss-ws-security
xmlns='http://www.jboss.com/ws-security/config'
+
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
+
xsi:schemaLocation='http://www.jboss.com/ws-security/config
http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd'>
+ <timestamp-verification createdTolerance="5" warnCreated="false"
expiresTolerance="10" warnExpires="false" />
+</jboss-ws-security>
\ No newline at end of file
Property changes on:
stack/native/branches/dlofthouse/JBWS-1316/src/test/resources/jaxrpc/jbws1316/config/jboss-wsse-full-tv.xml
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Added:
stack/native/branches/dlofthouse/JBWS-1316/src/test/resources/jaxrpc/jbws1316/config/jboss-wsse-no-tv.xml
===================================================================
---
stack/native/branches/dlofthouse/JBWS-1316/src/test/resources/jaxrpc/jbws1316/config/jboss-wsse-no-tv.xml
(rev 0)
+++
stack/native/branches/dlofthouse/JBWS-1316/src/test/resources/jaxrpc/jbws1316/config/jboss-wsse-no-tv.xml 2008-04-11
16:41:01 UTC (rev 6366)
@@ -0,0 +1,6 @@
+<jboss-ws-security
xmlns='http://www.jboss.com/ws-security/config'
+
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
+
xsi:schemaLocation='http://www.jboss.com/ws-security/config
http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd'>
+
+
+</jboss-ws-security>
\ No newline at end of file
Property changes on:
stack/native/branches/dlofthouse/JBWS-1316/src/test/resources/jaxrpc/jbws1316/config/jboss-wsse-no-tv.xml
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF