| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-08-26 13:56:30 +0200 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-08-26 13:56:30 +0200 | 
| commit | bb21974ea69b1705ef574569980a82640ca1de69 (patch) | |
| tree | 45c046a1943b34c008b3ce8e052271bc84743daf /id/server/idserverlib/src | |
| parent | 631f31124f44895b5271846213445f10a5e41800 (diff) | |
add PVP 2.1 AuthnRequest IssueInstant validation
Diffstat (limited to 'id/server/idserverlib/src')
| -rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java | 12 | 
1 files changed, 12 insertions, 0 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 075494f68..a8349f0ef 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -594,6 +594,18 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {
 		AuthnRequest authnRequest = (AuthnRequest)samlReq;
+		if (authnRequest.getIssueInstant() == null) {
+			Logger.warn("Unsupported request: No IssueInstant Attribute found.");
+			throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant Attribute found.", new Object[] {});
+			
+		}
+		
+		if (authnRequest.getIssueInstant().minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) {
+			Logger.warn("Unsupported request: No IssueInstant DateTime is not valid anymore.");
+			throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant DateTime is not valid anymore.", new Object[] {});
+			
+		}
+			
 		//parse AssertionConsumerService
 		AssertionConsumerService consumerService = null;
 		if (MiscUtil.isNotEmpty(authnRequest.getAssertionConsumerServiceURL()) &&  |
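Review bot: The second added check only rejects an IssueInstant that lies more than `TIME_JITTER` minutes in the future, so a request with an arbitrarily old IssueInstant still passes, even though the message says it is "not valid anymore". If request freshness is not enforced elsewhere (not visible in this hunk), add a lower bound next to it, for example `if (authnRequest.getIssueInstant().plusMinutes(MAX_REQUEST_AGE_MINUTES /* placeholder, no such constant on this page */).isBeforeNow())` with the same warn-and-throw handling, so that a captured AuthnRequest is not accepted long after it was issued. The log and exception text should also describe the condition actually tested, for example `"Unsupported request: IssueInstant lies in the future."`, because the current wording ("No IssueInstant DateTime is not valid anymore") will mislead whoever reads the log during an incident. The enclosing method starts and ends outside this hunk.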
