diff options
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java')
-rw-r--r-- | eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java index a209a131..2257eba9 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java @@ -19,6 +19,8 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.verification; +import java.time.Duration; +import java.time.Instant; import java.util.ArrayList; import java.util.List; @@ -76,8 +78,8 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse; import at.gv.egiz.eaaf.modules.pvp2.impl.validation.SignatureTrustEngineDecorator; import lombok.extern.slf4j.Slf4j; -import net.shibboleth.utilities.java.support.net.BasicURLComparator; import net.shibboleth.utilities.java.support.net.URIException; +import net.shibboleth.utilities.java.support.net.impl.BasicURLComparator; import net.shibboleth.utilities.java.support.resolver.CriteriaSet; import net.shibboleth.utilities.java.support.xml.SerializeSupport; @@ -95,7 +97,7 @@ public class SamlVerificationEngine { private static final Object SIG_VAL_ERROR_MSG = "Signature verification return false"; /** - * 5 allow 3 minutes time jitter in before validation. + * allow 3 minutes time jitter in before validation. */ private static final int TIME_JITTER = 3; @@ -302,10 +304,11 @@ public class SamlVerificationEngine { // validate DateTime conditions final Conditions conditions = saml2assertion.getConditions(); if (conditions != null) { - final DateTime notbefore = conditions.getNotBefore().minusMinutes(5); - final DateTime notafter = conditions.getNotOnOrAfter(); + final Instant notbefore = conditions.getNotBefore().minus(Duration.ofMinutes(5)); + final Instant notafter = conditions.getNotOnOrAfter(); + final Instant now = Instant.now(); if (validateDateTime - && (notbefore.isAfterNow() || notafter.isBeforeNow())) { + && (notbefore.isAfter(now) || notafter.isBefore(now))) { isAssertionValid = false; log.info("Assertion with ID:{} is out of Date. [ Current:{} NotBefore:{} NotAfter:{} ]", saml2assertion.getID(), new DateTime(), notbefore, notafter); @@ -495,14 +498,14 @@ public class SamlVerificationEngine { throws SamlAssertionValidationExeption { if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS)) { // validate response issueInstant - final DateTime issueInstant = samlResp.getIssueInstant(); + final Instant issueInstant = samlResp.getIssueInstant(); if (issueInstant == null) { log.warn("PVP response does not include a 'IssueInstant' attribute"); throw new SamlAssertionValidationExeption(ERROR_14, new Object[] { loggerName, "'IssueInstant' attribute is not included" }); } - if (validateDateTime && issueInstant.minusMinutes(TIME_JITTER).isAfterNow()) { + if (validateDateTime && issueInstant.minus(Duration.ofMinutes(TIME_JITTER)).isAfter(Instant.now())) { log.warn("PVP response: IssueInstant DateTime is not valid anymore."); throw new SamlAssertionValidationExeption(ERROR_14, new Object[] { loggerName, "'IssueInstant' Time is not valid any more" }); |