add PVP 2.1 AuthnRequest IssueInstant validation

1 files changed, 12 insertions, 0 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 075494f68..a8349f0ef 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -594,6 +594,18 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {
 		
 		AuthnRequest authnRequest = (AuthnRequest)samlReq;
 		
+		if (authnRequest.getIssueInstant() == null) {
+			Logger.warn("Unsupported request: No IssueInstant Attribute found.");
+			throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant Attribute found.", new Object[] {});
+			
+		}
+		
+		if (authnRequest.getIssueInstant().minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) {
+			Logger.warn("Unsupported request: No IssueInstant DateTime is not valid anymore.");
+			throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant DateTime is not valid anymore.", new Object[] {});
+			
+		}
+			
 		//parse AssertionConsumerService
 		AssertionConsumerService consumerService = null;
 		if (MiscUtil.isNotEmpty(authnRequest.getAssertionConsumerServiceURL()) &&