author | Thomas <> | 2022-01-08 19:50:42 +0100 |
committer | Thomas <> | 2022-01-08 19:50:42 +0100 |
commit | 5bdcf4b0298da05efb06eb84acdb188e4313df75 (patch) | |
tree | a1c40aef7914f58950d3ecc06e0811131430ddd3 /eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java | |
parent | d7f9aa156ad76e5ddaf797a16f1155c37594bd91 (diff) | |
parent | f59462296cf6eb0401be025a64b1be9ec8afc541 (diff) | |
Merge branch 'opensaml_4.x' into nightlyBuild
# Conflicts:
# eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverAdapter.java
# eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
# eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/SoapBindingTest.java
# eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java
# eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
# eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java
# pom.xml
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java')
-rw-r--r-- | eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
index a209a131..2257eba9 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
@@ -19,6 +19,8 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.verification;
+import java.time.Duration;
+import java.time.Instant;
 import java.util.ArrayList;
 import java.util.List;
@@ -76,8 +78,8 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
 import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
 import at.gv.egiz.eaaf.modules.pvp2.impl.validation.SignatureTrustEngineDecorator;
 import lombok.extern.slf4j.Slf4j;
-import net.shibboleth.utilities.java.support.net.BasicURLComparator;
 import net.shibboleth.utilities.java.support.net.URIException;
+import net.shibboleth.utilities.java.support.net.impl.BasicURLComparator;
 import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
 import net.shibboleth.utilities.java.support.xml.SerializeSupport;
@@ -95,7 +97,7 @@ public class SamlVerificationEngine {
   private static final Object SIG_VAL_ERROR_MSG = "Signature verification return false";
   /**
-   * 5 allow 3 minutes time jitter in before validation.
+   * allow 3 minutes time jitter in before validation.
    */
   private static final int TIME_JITTER = 3;
@@ -302,10 +304,11 @@ public class SamlVerificationEngine {
       // validate DateTime conditions
       final Conditions conditions = saml2assertion.getConditions();
       if (conditions != null) {
-        final DateTime notbefore = conditions.getNotBefore().minusMinutes(5);
-        final DateTime notafter = conditions.getNotOnOrAfter();
+        final Instant notbefore = conditions.getNotBefore().minus(Duration.ofMinutes(5));
+        final Instant notafter = conditions.getNotOnOrAfter();
+        final Instant now = Instant.now();
         if (validateDateTime
-            && (notbefore.isAfterNow() || notafter.isBeforeNow())) {
+            && (notbefore.isAfter(now) || notafter.isBefore(now))) {
           isAssertionValid = false;
           log.info("Assertion with ID:{} is out of Date. [ Current:{} NotBefore:{} NotAfter:{} ]",
               saml2assertion.getID(), new DateTime(), notbefore, notafter);
@@ -495,14 +498,14 @@ public class SamlVerificationEngine {
       throws SamlAssertionValidationExeption {
     if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS)) {
       // validate response issueInstant
-      final DateTime issueInstant = samlResp.getIssueInstant();
+      final Instant issueInstant = samlResp.getIssueInstant();
       if (issueInstant == null) {
         log.warn("PVP response does not include a 'IssueInstant' attribute");
         throw new SamlAssertionValidationExeption(ERROR_14,
             new Object[] { loggerName, "'IssueInstant' attribute is not included" });
       }
-      if (validateDateTime && issueInstant.minusMinutes(TIME_JITTER).isAfterNow()) {
+      if (validateDateTime && issueInstant.minus(Duration.ofMinutes(TIME_JITTER)).isAfter(Instant.now())) {
         log.warn("PVP response: IssueInstant DateTime is not valid anymore.");
         throw new SamlAssertionValidationExeption(ERROR_14,
             new Object[] { loggerName, "'IssueInstant' Time is not valid any more" });
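Review bot: The `log.info` at the end of the `@@ -302` hunk still prints the current time with Joda's `new DateTime()` while the decision two lines above is taken against the java.time `now` this commit introduces; log the value that was actually compared, `saml2assertion.getID(), now, notbefore, notafter);`, so the log line can be reconciled with the check during an incident review. On the same lines, `conditions.getNotBefore()` and `conditions.getNotOnOrAfter()` are both dereferenced unconditionally although either attribute may be absent from a SAML Conditions element, so such an assertion ends in a NullPointerException instead of a validation verdict — a null guard that sets `isAssertionValid = false` (or skips only the missing bound) would make the outcome explicit. The hard-coded skew in `minus(Duration.ofMinutes(5))` also differs from `TIME_JITTER` (3 minutes per the javadoc changed earlier in this diff), which looks unintentional. Finally, `notafter.isBefore(now)` accepts the instant at which `now` equals NotOnOrAfter; if the attribute keeps its usual "invalid on or after" meaning, `!notafter.isAfter(now)` is the exact condition. The enclosing method starts and ends outside the hunk.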