aboutsummaryrefslogtreecommitdiff
path: root/id
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2015-08-26 13:56:30 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2015-08-26 13:56:30 +0200
commitbb21974ea69b1705ef574569980a82640ca1de69 (patch)
tree45c046a1943b34c008b3ce8e052271bc84743daf /id
parent631f31124f44895b5271846213445f10a5e41800 (diff)
downloadmoa-id-spss-bb21974ea69b1705ef574569980a82640ca1de69.tar.gz
moa-id-spss-bb21974ea69b1705ef574569980a82640ca1de69.tar.bz2
moa-id-spss-bb21974ea69b1705ef574569980a82640ca1de69.zip
add PVP 2.1 AuthnRequest IssueInstant validation
Diffstat (limited to 'id')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java12
1 files changed, 12 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 075494f68..a8349f0ef 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -594,6 +594,18 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
AuthnRequest authnRequest = (AuthnRequest)samlReq;
+ if (authnRequest.getIssueInstant() == null) {
+ Logger.warn("Unsupported request: No IssueInstant Attribute found.");
+ throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant Attribute found.", new Object[] {});
+
+ }
+
+ if (authnRequest.getIssueInstant().minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) {
+ Logger.warn("Unsupported request: No IssueInstant DateTime is not valid anymore.");
+ throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant DateTime is not valid anymore.", new Object[] {});
+
+ }
+
//parse AssertionConsumerService
AssertionConsumerService consumerService = null;
if (MiscUtil.isNotEmpty(authnRequest.getAssertionConsumerServiceURL()) &&