Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java14
1 files changed, 11 insertions, 3 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
index d9bc7daaf..385fe90fb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
@@ -62,7 +62,7 @@ import at.gv.egovernment.moa.logging.Logger;
public class SAMLVerificationEngineSP extends SAMLVerificationEngine {
@Autowired AuthConfiguration authConfig;
-
+
/**
* Validate a PVP response and all included assertions
*
@@ -74,6 +74,13 @@ public class SAMLVerificationEngineSP extends SAMLVerificationEngine {
* @throws AssertionValidationExeption
*/
public void validateAssertion(Response samlResp, boolean validateDestination, Credential assertionDecryption, String spEntityID, String loggerSPName) throws AssertionValidationExeption {
+ validateAssertion(samlResp, validateDestination, assertionDecryption, spEntityID, loggerSPName, true);
+
+ }
+
+
+ public void validateAssertion(Response samlResp, boolean validateDestination, Credential assertionDecryption, String spEntityID, String loggerSPName,
+ boolean validateDateTime) throws AssertionValidationExeption {
try {
if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>();
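Review bot: The new six-argument `validateAssertion` overload has no Javadoc, while the five-argument one directly above it documents its parameters and `@throws`; the added `validateDateTime` flag switches off the temporal checks on the response and its assertions (IssueInstant here, Conditions NotBefore/NotOnOrAfter in the later hunk), so a caller passing `false` is accepting that an expired or replayed assertion is no longer rejected by this method. Suggest moving the existing Javadoc block onto the new overload, keeping a one-line reference on the delegating method, and adding `@param validateDateTime if {@code false}, IssueInstant and Conditions NotBefore/NotOnOrAfter are not checked; the caller must enforce assertion freshness by other means`. The method body continues past the end of the hunk.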
@@ -102,7 +109,7 @@ public class SAMLVerificationEngineSP extends SAMLVerificationEngine {
throw new AssertionValidationExeption("sp.pvp2.07", new Object[]{loggerSPName, "'IssueInstant' attribute is not included"});
}
- if (issueInstant.minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) {
+ if (validateDateTime && issueInstant.minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) {
Logger.warn("PVP response: IssueInstant DateTime is not valid anymore.");
throw new AssertionValidationExeption("sp.pvp2.07", new Object[]{loggerSPName, "'IssueInstant' Time is not valid any more"});
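Review bot: When `validateDateTime` is false the IssueInstant check is short-circuited without any trace; the only log line in this branch is the warn on failure, so a skipped freshness check leaves no entry for later incident review. Suggest logging the skip explicitly before the condition, e.g. `if (!validateDateTime) { Logger.warn("PVP response: IssueInstant validation skipped by caller"); }`, and doing the same for the Conditions NotBefore/NotOnOrAfter check in the following hunk. The enclosing method starts and ends outside this hunk.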
@@ -150,7 +157,8 @@ public class SAMLVerificationEngineSP extends SAMLVerificationEngine {
if (conditions != null) {
DateTime notbefore = conditions.getNotBefore().minusMinutes(5);
DateTime notafter = conditions.getNotOnOrAfter();
- if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) {
+ if (validateDateTime &&
+ (notbefore.isAfterNow() || notafter.isBeforeNow()) ) {
isAssertionValid = false;
Logger.info("Assertion:" + saml2assertion.getID()
+ " is out of Date. "