Examples of ReplayCache


Examples of org.apache.wss4j.common.cache.ReplayCache

            && samlAssertion.getSaml2().getConditions() != null
            && samlAssertion.getSaml2().getConditions().getOneTimeUse() != null
            && data.getSamlOneTimeUseReplayCache() != null) {
            String identifier = samlAssertion.getId();
           
            ReplayCache replayCache = data.getSamlOneTimeUseReplayCache();
            if (replayCache.contains(identifier)) {
                throw new WSSecurityException(
                    WSSecurityException.ErrorCode.INVALID_SECURITY,
                    "badSamlToken",
                    "A replay attack has been detected");
            }
           
            DateTime expires = samlAssertion.getSaml2().getConditions().getNotOnOrAfter();
            if (expires != null) {
                Date rightNow = new Date();
                long currentTime = rightNow.getTime();
                long expiresTime = expires.getMillis();
                replayCache.add(identifier, 1L + (expiresTime - currentTime) / 1000L);
            } else {
                replayCache.add(identifier);
            }
           
            replayCache.add(identifier);
        }
    }

Examples of org.apache.wss4j.common.cache.ReplayCache

        //
        UsernameToken ut =
            new UsernameToken(token, allowNamespaceQualifiedPasswordTypes, data.getBSPEnforcer());
       
        // Test for replay attacks
        ReplayCache replayCache = data.getNonceReplayCache();
        if (replayCache != null && ut.getNonce() != null) {
            if (replayCache.contains(ut.getNonce())) {
                throw new WSSecurityException(
                    WSSecurityException.ErrorCode.INVALID_SECURITY,
                    "badUsernameToken",
                    "A replay attack has been detected"
                );
            }
           
            // If no Created, then just cache for the default time
            // Otherwise, cache for the configured TTL of the UsernameToken Created time, as any
            // older token will just get rejected anyway
            Date created = ut.getCreatedDate();
            if (created == null || utTTL <= 0) {
                replayCache.add(ut.getNonce());
            } else {
                replayCache.add(ut.getNonce(), utTTL + 1L);
            }
        }
       
        // Validate whether the security semantics have expired
        if (!ut.verifyCreated(utTTL, futureTimeToLive)) {

Examples of org.apache.wss4j.common.cache.ReplayCache

        Element signatureElement,
        byte[] signatureValue,
        RequestData requestData,
        WSDocInfo wsDocInfo
    ) throws WSSecurityException {
        ReplayCache replayCache = requestData.getTimestampReplayCache();
        if (replayCache == null) {
            return;
        }
       
        // Find the Timestamp
        List<WSSecurityEngineResult> foundResults = wsDocInfo.getResultsByTag(WSConstants.TS);
        Timestamp timeStamp = null;
        if (foundResults.isEmpty()) {
            // Search for a Timestamp below the Signature
            Node sibling = signatureElement.getNextSibling();
            while (sibling != null) {
                if (sibling instanceof Element
                    && WSConstants.TIMESTAMP_TOKEN_LN.equals(sibling.getLocalName())
                    && WSConstants.WSU_NS.equals(sibling.getNamespaceURI())) {
                    timeStamp = new Timestamp((Element)sibling, requestData.getBSPEnforcer());
                    break;
                }
                sibling = sibling.getNextSibling();
            }
        } else {
            timeStamp = (Timestamp)foundResults.get(0).get(WSSecurityEngineResult.TAG_TIMESTAMP);
        }
        if (timeStamp == null) {
            return;
        }
       
        // Test for replay attacks
        Date created = timeStamp.getCreated();
        DateFormat zulu = new XmlSchemaDateFormat();
        String identifier = zulu.format(created) + "" + Arrays.hashCode(signatureValue);

        if (replayCache.contains(identifier)) {
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.INVALID_SECURITY,
                "invalidTimestamp",
                "A replay attack has been detected");
        }

        // Store the Timestamp/SignatureValue combination in the cache
        Date expires = timeStamp.getExpires();
        if (expires != null) {
            Date rightNow = new Date();
            long currentTime = rightNow.getTime();
            long expiresTime = expires.getTime();
            replayCache.add(identifier, 1L + (expiresTime - currentTime) / 1000L);
        } else {
            replayCache.add(identifier);
        }
       
    }

Examples of org.apache.wss4j.common.cache.ReplayCache

            for (QName key : validatorMap.keySet()) {
                properties.addValidator(key, validatorMap.get(key));
            }
        }
       
        ReplayCache nonceCache =
            (ReplayCache)config.get(ConfigurationConstants.NONCE_CACHE_INSTANCE);
        if (nonceCache != null) {
            properties.setNonceReplayCache(nonceCache);
        }
       
        ReplayCache timestampCache =
            (ReplayCache)config.get(ConfigurationConstants.TIMESTAMP_CACHE_INSTANCE);
        if (timestampCache != null) {
            properties.setTimestampReplayCache(timestampCache);
        }
       
        ReplayCache samlOneTimeUseCache =
            (ReplayCache)config.get(ConfigurationConstants.SAML_ONE_TIME_USE_CACHE_INSTANCE);
        if (samlOneTimeUseCache != null) {
            properties.setSamlOneTimeUseReplayCache(samlOneTimeUseCache);
        }
       

Examples of org.apache.wss4j.common.cache.ReplayCache

            javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
            transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
        }

        //done signature; now test sig-verification:
        ReplayCache replayCache = null;
        {
            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
            replayCache = securityProperties.getTimestampReplayCache();
            securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
            InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);

Examples of org.apache.wss4j.common.cache.ReplayCache

            javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
            transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
        }

        //done UsernameToken; now test verification:
        ReplayCache replayCache = null;
        {
            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
            replayCache = securityProperties.getNonceReplayCache();
            securityProperties.setCallbackHandler(new CallbackHandlerImpl());
            InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);

Examples of org.apache.wss4j.common.cache.ReplayCache

            javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
            transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
        }

        // process SAML Token
        ReplayCache replayCache = null;
        {
            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
            replayCache = securityProperties.getSamlOneTimeUseReplayCache();
            InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
            XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));

Examples of org.apache.wss4j.common.cache.ReplayCache

            javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
            transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
        }

        // process SAML Token
        ReplayCache replayCache = null;
        {
            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
            replayCache = securityProperties.getSamlOneTimeUseReplayCache();
            InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
            XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));

Examples of org.apache.wss4j.common.cache.ReplayCache

       
        // Verify Created
        final WSSSecurityProperties wssSecurityProperties = (WSSSecurityProperties) securityProperties;
        Date createdDate = verifyCreated(wssSecurityProperties, usernameTokenType);

        ReplayCache replayCache = wssSecurityProperties.getNonceReplayCache();
        final EncodedString encodedNonce =
                XMLSecurityUtils.getQNameType(usernameTokenType.getAny(), WSSConstants.TAG_wsse_Nonce);
        if (encodedNonce != null && replayCache != null) {
            // Check for replay attacks
            String nonce = encodedNonce.getValue();
            if (replayCache.contains(nonce)) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
            }
           
            // If no Created, then just cache for the default time
            // Otherwise, cache for the configured TTL of the UsernameToken Created time, as any
            // older token will just get rejected anyway
            int utTTL = wssSecurityProperties.getUtTTL();
            if (createdDate == null || utTTL <= 0) {
                replayCache.add(nonce);
            } else {
                replayCache.add(nonce, utTTL + 1L);
            }
        }

        final WSInboundSecurityContext wsInboundSecurityContext = (WSInboundSecurityContext) inputProcessorChain.getSecurityContext();
        final List<QName> elementPath = getElementPath(eventQueue);

Examples of org.apache.wss4j.common.cache.ReplayCache

    }

    /**
     * Rejects a message whose Timestamp/SignatureValue pair has already been seen.
     *
     * The replay key is the Timestamp's Created instant (epoch millis) followed by the
     * 32-bit {@code Arrays.hashCode} of the signature bytes. Because a replayed message
     * carries the same timestamp and the same signature bytes, it always maps to the
     * same key; a hash collision between two different signatures can only cause a
     * false rejection, never let a replay through. The check is skipped when no
     * Timestamp event was recorded or no timestamp replay cache is configured.
     *
     * @param inputProcessorChain chain whose security context holds the Timestamp event
     * @throws WSSecurityException with {@code MESSAGE_EXPIRED} when the key is already cached
     */
    private void detectReplayAttack(InputProcessorChain inputProcessorChain) throws WSSecurityException {
        TimestampSecurityEvent timestampEvent =
                inputProcessorChain.getSecurityContext().get(WSSConstants.PROP_TIMESTAMP_SECURITYEVENT);
        ReplayCache timestampReplayCache =
            ((WSSSecurityProperties)getSecurityProperties()).getTimestampReplayCache();
        if (timestampEvent == null || timestampReplayCache == null) {
            // Nothing to check against: either no Timestamp was processed or caching is off
            return;
        }

        long createdMillis = timestampEvent.getCreated().getTimeInMillis();
        int signatureHash = Arrays.hashCode(getSignatureType().getSignatureValue().getValue());
        String cacheKey = Long.toString(createdMillis) + signatureHash;

        if (timestampReplayCache.contains(cacheKey)) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.MESSAGE_EXPIRED);
        }

        // Remember this Timestamp/SignatureValue pair. When the Timestamp has an Expires,
        // keep the entry for (seconds until expiry + 1); afterwards the Timestamp itself is
        // rejected as expired, so the cache entry is no longer needed. Without an Expires
        // the cache's default lifetime applies.
        Calendar expiresCal = timestampEvent.getExpires();
        if (expiresCal == null) {
            timestampReplayCache.add(cacheKey);
        } else {
            long now = System.currentTimeMillis();
            long expiresAt = expiresCal.getTimeInMillis();
            // NOTE(review): if Expires is already in the past this TTL is <= 0; how the
            // cache treats a non-positive TTL is not visible here — confirm against ReplayCache
            long ttlSeconds = 1L + (expiresAt - now) / 1000L;
            timestampReplayCache.add(cacheKey, ttlSeconds);
        }
    }