in ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/TimestampInputHandler.java [110:201]
private void checkBSPCompliance(InputProcessorChain inputProcessorChain, TimestampType timestampType,
List<XMLSecEvent> xmlSecEvents) throws WSSecurityException {
final WSInboundSecurityContext securityContext = (WSInboundSecurityContext) inputProcessorChain.getSecurityContext();
if (timestampType.getCreated() == null) {
securityContext.handleBSPRule(BSPRule.R3203);
}
int createdIndex = -1;
int expiresIndex = -1;
for (int i = 0; i < xmlSecEvents.size(); i++) {
XMLSecEvent xmlSecEvent = xmlSecEvents.get(i);
if (xmlSecEvent.getEventType() == XMLStreamConstants.START_ELEMENT) {
QName name = xmlSecEvent.asStartElement().getName();
if (name.equals(WSSConstants.TAG_WSU_TIMESTAMP)) {
continue;
} else if (name.equals(WSSConstants.TAG_WSU_CREATED)) {
if (createdIndex != -1) {
securityContext.handleBSPRule(BSPRule.R3203);
}
if (expiresIndex != -1) {
securityContext.handleBSPRule(BSPRule.R3221);
}
createdIndex = i;
} else if (name.equals(WSSConstants.TAG_WSU_EXPIRES)) {
if (expiresIndex != -1) {
securityContext.handleBSPRule(BSPRule.R3224);
}
if (createdIndex == -1) {
securityContext.handleBSPRule(BSPRule.R3221);
}
expiresIndex = i;
} else {
securityContext.handleBSPRule(BSPRule.R3222);
}
}
}
if (timestampType.getCreated() != null) {
ZonedDateTime createdDate;
try {
createdDate = timestampType.getCreated().getAsZonedDateTime();
} catch (DateTimeParseException e) {
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
}
if (!ZoneOffset.UTC.equals(createdDate.getZone())) {
securityContext.handleBSPRule(BSPRule.R3217);
}
if (createdDate.getNano() > 0) {
int milliseconds = createdDate.get(ChronoField.MILLI_OF_SECOND);
if (milliseconds * 1000000 != createdDate.getNano()) {
securityContext.handleBSPRule(BSPRule.R3220);
}
}
String valueType = XMLSecurityUtils.getQNameAttribute(timestampType.getCreated().getOtherAttributes(),
WSSConstants.ATT_NULL_VALUE_TYPE);
if (valueType != null) {
securityContext.handleBSPRule(BSPRule.R3225);
}
} else {
securityContext.handleBSPRule(BSPRule.R3203);
}
if (timestampType.getExpires() != null) {
ZonedDateTime expiresDate;
try {
expiresDate = timestampType.getExpires().getAsZonedDateTime();
} catch (DateTimeParseException e) {
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
}
if (!ZoneOffset.UTC.equals(expiresDate.getZone())) {
securityContext.handleBSPRule(BSPRule.R3223);
}
if (expiresDate.getNano() > 0) {
int milliseconds = expiresDate.get(ChronoField.MILLI_OF_SECOND);
if (milliseconds * 1000000 != expiresDate.getNano()) {
securityContext.handleBSPRule(BSPRule.R3229);
}
}
String valueType = XMLSecurityUtils.getQNameAttribute(timestampType.getExpires().getOtherAttributes(),
WSSConstants.ATT_NULL_VALUE_TYPE);
if (valueType != null) {
securityContext.handleBSPRule(BSPRule.R3226);
}
}
}