Uploaded image for project: 'Rampart'
  1. Rampart
  2. RAMPART-357

Timestamp verification handled at two locations in different ways

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      Currently, when verifying timestamp, 'Expired' is verified in WSS4J level if timestampStrict enabled.
      'Created' is verified in PolicyBasedResultsValidator.

      timestampMaxSkew is taken into consideration only when verifying 'Created' in timestamp inside PolicyBasedResultsValidator.

      IMO, both 'Expired' and 'Created' should be verified in PolicyBasedResultsValidator in a consistent way, taking timestampMaxSkew into consideration in both the occasions.

      Hence the proposed solution is like below:
      -Disable timestampStrict in WSConfig by default through Rampart.
      -Verify both 'Expired' and 'Created' in PolicyBasedResultsValidator.
      -Allow to enable verification at WSS4J level through rampart config, if someone needs it.

        Attachments

        1. rampart_patch_trunk_v2.patch
          11 kB
          Hasini Gunasinghe
        2. rampart_357_trunk.patch
          11 kB
          Amila Jayasekara
        3. rampart_357.patch
          9 kB
          Hasini Gunasinghe

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              hasinig Hasini Gunasinghe
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: