authorThomas <>2022-01-08 19:50:42 +0100
committerThomas <>2022-01-08 19:50:42 +0100
commit5bdcf4b0298da05efb06eb84acdb188e4313df75 (patch)
treea1c40aef7914f58950d3ecc06e0811131430ddd3 /eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
parentd7f9aa156ad76e5ddaf797a16f1155c37594bd91 (diff)
parentf59462296cf6eb0401be025a64b1be9ec8afc541 (diff)
Merge branch 'opensaml_4.x' into nightlyBuild
# Conflicts: # eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverAdapter.java # eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java # eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/SoapBindingTest.java # eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java # eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java # eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java # pom.xml
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java17
1 files changed, 10 insertions, 7 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
index a209a131..2257eba9 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java
@@ -19,6 +19,8 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.verification;
+import java.time.Duration;
+import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
@@ -76,8 +78,8 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.SignatureTrustEngineDecorator;
import lombok.extern.slf4j.Slf4j;
-import net.shibboleth.utilities.java.support.net.BasicURLComparator;
import net.shibboleth.utilities.java.support.net.URIException;
+import net.shibboleth.utilities.java.support.net.impl.BasicURLComparator;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
@@ -95,7 +97,7 @@ public class SamlVerificationEngine {
private static final Object SIG_VAL_ERROR_MSG = "Signature verification return false";
/**
- * 5 allow 3 minutes time jitter in before validation.
+ * allow 3 minutes time jitter in before validation.
*/
private static final int TIME_JITTER = 3;
@@ -302,10 +304,11 @@ public class SamlVerificationEngine {
// validate DateTime conditions
final Conditions conditions = saml2assertion.getConditions();
if (conditions != null) {
- final DateTime notbefore = conditions.getNotBefore().minusMinutes(5);
- final DateTime notafter = conditions.getNotOnOrAfter();
+ final Instant notbefore = conditions.getNotBefore().minus(Duration.ofMinutes(5));
+ final Instant notafter = conditions.getNotOnOrAfter();
+ final Instant now = Instant.now();
if (validateDateTime
- && (notbefore.isAfterNow() || notafter.isBeforeNow())) {
+ && (notbefore.isAfter(now) || notafter.isBefore(now))) {
isAssertionValid = false;
log.info("Assertion with ID:{} is out of Date. [ Current:{} NotBefore:{} NotAfter:{} ]",
saml2assertion.getID(), new DateTime(), notbefore, notafter);
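Review bot: The new code dereferences `conditions.getNotBefore()` and `conditions.getNotOnOrAfter()` without a null check, so an assertion whose Conditions element omits either attribute (both are optional in SAML 2.0 Conditions, and the OpenSAML 4 getters are nullable) throws a NullPointerException at this point instead of producing a validation result; the Joda version had the same exposure, but the migration is the moment to fix it. Decide whether an absent NotOnOrAfter is acceptable when validateDateTime is on — rejecting it would be the fail-closed choice — and at minimum guard both dereferences. The log line still uses Joda `new DateTime()` for the current time and logs the jittered notbefore rather than the assertion's actual value, which makes comparing against the IdP's clock during incident analysis harder; log `now` and the raw attribute instead. The hard-coded 5 minutes here also disagrees with the TIME_JITTER constant (3) used for IssueInstant; whether that asymmetry is intentional is not visible from this hunk. The enclosing method starts before and continues after this hunk.
```java
    final Conditions conditions = saml2assertion.getConditions();
    if (conditions != null) {
      final Instant now = Instant.now();
      final Instant notbefore = conditions.getNotBefore();
      final Instant notafter = conditions.getNotOnOrAfter();
      // Both attributes are optional in SAML Conditions; check only the ones that are present.
      // TODO(review): decide whether an absent NotOnOrAfter should fail closed under validateDateTime.
      final boolean tooEarly = notbefore != null
          && notbefore.minus(Duration.ofMinutes(5)).isAfter(now);
      final boolean expired = notafter != null && notafter.isBefore(now);
      if (validateDateTime && (tooEarly || expired)) {
        isAssertionValid = false;
        log.info("Assertion with ID:{} is out of Date. [ Current:{} NotBefore:{} NotAfter:{} ]",
            saml2assertion.getID(), now, notbefore, notafter);
```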
@@ -495,14 +498,14 @@ public class SamlVerificationEngine {
throws SamlAssertionValidationExeption {
if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS)) {
// validate response issueInstant
- final DateTime issueInstant = samlResp.getIssueInstant();
+ final Instant issueInstant = samlResp.getIssueInstant();
if (issueInstant == null) {
log.warn("PVP response does not include a 'IssueInstant' attribute");
throw new SamlAssertionValidationExeption(ERROR_14,
new Object[] { loggerName, "'IssueInstant' attribute is not included" });
}
- if (validateDateTime && issueInstant.minusMinutes(TIME_JITTER).isAfterNow()) {
+ if (validateDateTime && issueInstant.minus(Duration.ofMinutes(TIME_JITTER)).isAfter(Instant.now())) {
log.warn("PVP response: IssueInstant DateTime is not valid anymore.");
throw new SamlAssertionValidationExeption(ERROR_14,
new Object[] { loggerName, "'IssueInstant' Time is not valid any more" });