5 files changed, 293 insertions, 201 deletions
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/CustomAttributeQueryValidator.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/CustomAttributeQueryValidator.java
index beceac57f..c602ad38a 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/CustomAttributeQueryValidator.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/CustomAttributeQueryValidator.java
@@ -1,57 +1,69 @@
-package eu.stork.peps.auth.engine.core.validator;
-
-import java.util.List;
-
-import org.opensaml.saml2.common.Extensions;
-import org.opensaml.saml2.core.SubjectQuery;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.util.DatatypeHelper;
-import org.opensaml.xml.validation.ValidationException;
-import org.opensaml.xml.validation.Validator;
-
-import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
-import eu.stork.peps.auth.engine.core.QAAAttribute;
-
-public class CustomAttributeQueryValidator implements Validator<CustomAttributeQuery> {
-	
-	/*
-	 * Validate action.
-	 * 
-	 * @param qaa the quality authentication assurance level attribute
-	 * 
-	 * @throws ValidationException the validation exception
-	 */
-	public final void validate(final CustomAttributeQuery attrQuery) throws ValidationException {
-		validateAssertion(attrQuery);
-		validateSubject(attrQuery);
-		validateDestination(attrQuery);
-	}
-
-
-	/**
-	 * Validate assertion.
-	 * 
-	 * @param attrQuery the attribute query
-	 * 
-	 * @throws ValidationException the validation exception
-	 */
-	protected final void validateAssertion(final CustomAttributeQuery attrQuery)
-	throws ValidationException {
-		if (DatatypeHelper.isEmpty(attrQuery.getAssertionConsumerServiceURL())) {
-			throw new ValidationException("Consumer Service URL must be specified.");
-		}
-	}
-	
-	//Validate subject
-	protected void validateSubject(CustomAttributeQuery query) throws ValidationException {
-        if (query.getSubject() == null)
-            throw new ValidationException("Subject is required");
-    }
-	
-	//Validate destination
-	protected void validateDestination(CustomAttributeQuery query) throws ValidationException {
-        if (query.getDestination() == null)
-            throw new ValidationException("Destination is required");
-    }
-
-}
+package eu.stork.peps.auth.engine.core.validator;
+
+import org.opensaml.xml.util.DatatypeHelper;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.peps.auth.engine.core.CustomAttributeQuery;
+
+public class CustomAttributeQueryValidator implements Validator<CustomAttributeQuery> {
+	
+	/**
+	 * Validate action.
+	 * 
+	 * @param attrQuery the attribute query to validate
+	 * 
+	 * @throws ValidationException the validation exception
+	 */
+	public final void validate(final CustomAttributeQuery attrQuery) throws ValidationException {
+		validateAssertion(attrQuery);
+		validateSubject(attrQuery);
+		validateDestination(attrQuery);
+	}
+
+
+	/**
+	 * Validate assertion.
+	 * 
+	 * @param attrQuery the attribute query
+	 * 
+	 * @throws ValidationException the validation exception
+	 */
+	protected final void validateAssertion(final CustomAttributeQuery attrQuery)
+	throws ValidationException {
+		if (DatatypeHelper.isEmpty(attrQuery.getAssertionConsumerServiceURL())) {
+			throw new ValidationException("Consumer Service URL must be specified.");
+		}
+	}
+	
+	/**
+	 * Validate subject
+	 * @param query the attribute query to validate
+	 * @throws ValidationException the validation exception
+	 */ 
+	protected void validateSubject(CustomAttributeQuery query) throws ValidationException {
+        if (query.getSubject() == null)
+            throw new ValidationException("Subject is required");
+    }
+	
+	/**
+	 * Validate the destination
+	 * @param query the query to validate
+	 * @throws ValidationException the validation exception
+	 */
+	protected void validateDestination(CustomAttributeQuery query) throws ValidationException {
+        if (query.getDestination() == null)
+            throw new ValidationException("Destination is required");
+    }
+	
+	/**
+	 * Validate the destination
+	 * @param query the query to validate
+	 * @throws ValidationException the validation exception
+	 */
+	protected void validateTime(CustomAttributeQuery query) throws ValidationException {
+        if (query.getIssueInstant().isAfterNow())
+            throw new ValidationException("Issue time is in the futue");
+    }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/ExtensionsSchemaValidator.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/ExtensionsSchemaValidator.java
index 760d9c188..491549aac 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/ExtensionsSchemaValidator.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/ExtensionsSchemaValidator.java
@@ -1,61 +1,61 @@
-/* 
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- * 
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.validator;
-
-import java.util.List;
-
-import org.opensaml.saml2.common.Extensions;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.validation.ValidationException;
-import org.opensaml.xml.validation.Validator;
-
-import eu.stork.peps.auth.engine.core.QAAAttribute;
-
-/**
- * The Class ExtensionsSchemaValidator.
- * 
- * @author fjquevedo
- */
-public class ExtensionsSchemaValidator implements Validator<Extensions> {
-
-
-    /**
-     * validate the extensions.
-     * 
-     * @param extensions the extensions
-     * 
-     * @throws ValidationException the validation exception
-     */
-    public final void validate(final Extensions extensions)
-    throws ValidationException {
-	if (extensions.getUnknownXMLObjects() == null
-		|| extensions.getUnknownXMLObjects().size() <= 0) {
-	    throw new ValidationException("Extension element is empty or not exist.");
-	}
-	
-	List<XMLObject> qaa = extensions.getUnknownXMLObjects(QAAAttribute.DEF_ELEMENT_NAME);
-	
-	if (qaa.size() == 1) {
-		final Validator<QAAAttribute> validatorQaa = new QAAAttributeSchemaValidator();
-		validatorQaa.validate((QAAAttribute) qaa.get(0));
-	} else {
-		throw new ValidationException(
-	    "Extensions must contain only one element QAALevel.");
-	}
-
-    }
-
-}
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.validator;
+
+import java.util.List;
+
+import org.opensaml.saml2.common.Extensions;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.peps.auth.engine.core.QAAAttribute;
+
+/**
+ * The Class ExtensionsSchemaValidator.
+ * 
+ * @author fjquevedo
+ */
+public class ExtensionsSchemaValidator implements Validator<Extensions> {
+
+
+    /**
+     * validate the extensions.
+     * 
+     * @param extensions the extensions
+     * 
+     * @throws ValidationException the validation exception
+     */
+    public final void validate(final Extensions extensions)
+    throws ValidationException {
+	if (extensions.getUnknownXMLObjects() == null
+		|| extensions.getUnknownXMLObjects().size() <= 0) {
+	    throw new ValidationException("Extension element is empty or not exist.");
+	}
+	
+	List<XMLObject> qaa = extensions.getUnknownXMLObjects(QAAAttribute.DEF_ELEMENT_NAME);
+	
+	if (qaa.size() == 1) {
+		final Validator<QAAAttribute> validatorQaa = new QAAAttributeSchemaValidator();
+		validatorQaa.validate((QAAAttribute) qaa.get(0));
+	} else {
+		throw new ValidationException(
+	    "Extensions must contain only one element QAALevel.");
+	}
+
+    }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/MultipleAssertionResponseValidator.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/MultipleAssertionResponseValidator.java
new file mode 100644
index 000000000..72639c8ee
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/MultipleAssertionResponseValidator.java
@@ -0,0 +1,80 @@
+package eu.stork.peps.auth.engine.core.validator;
+
+import org.opensaml.saml2.core.Response;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+
+public class MultipleAssertionResponseValidator implements Validator<Response> {
+	
+	/**
+	 * Validate action.
+	 * 
+	 * @param response the response to validate
+	 * 
+	 * @throws ValidationException the validation exception
+	 */
+	public final void validate(final Response response) throws ValidationException {
+		validateAssertion(response);
+		validateConsent(response);
+		validateDestination(response);		
+		validateTime(response);
+		validateId(response);
+	}
+
+
+	/**
+	 * Validate assertion.
+	 * 
+	 * @param response the attribute query
+	 * 
+	 * @throws ValidationException the validation exception
+	 */
+	protected final void validateAssertion(final Response response)
+	throws ValidationException {
+		if (response.getAssertions() == null || response.getAssertions().size() < 2) {
+			throw new ValidationException("Multiple assertions must be specified.");
+		}
+	}
+	
+	/**
+	 * Validate the Consent
+	 * @param response the response to validate
+	 * @throws ValidationException the validation exception
+	 */
+	protected void validateConsent(Response response) throws ValidationException {
+        if (response.getConsent() == null)
+            throw new ValidationException("Consent is required");
+    }
+	
+	/**
+	 * Validate the destination
+	 * @param response the response to validate
+	 * @throws ValidationException the validation exception
+	 */
+	protected void validateDestination(Response response) throws ValidationException {
+        if (response.getDestination() == null)
+            throw new ValidationException("Destination is required");
+    }
+	
+	/**
+	 * Validate issue times
+	 * @param response the response to validate
+	 * @throws ValidationException the validation exception
+	 */
+	protected void validateTime(Response response) throws ValidationException {		
+        if (response.getIssueInstant().isAfterNow())
+            throw new ValidationException("Issue time is in the futue");
+    }
+	
+	/**
+	 * Validate ids
+	 * @param response the response to validate
+	 * @throws ValidationException the validation exception
+	 */
+	protected void validateId(Response response) throws ValidationException {		
+        if (response.getID() == null || response.getInResponseTo() == null)
+            throw new ValidationException("Id and response id is required");
+    }
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java
index be5dc8c34..44c9db380 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/QAAAttributeSchemaValidator.java
@@ -1,65 +1,65 @@
-/* 
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- * 
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-package eu.stork.peps.auth.engine.core.validator;
-
-import org.opensaml.xml.util.DatatypeHelper;
-import org.opensaml.xml.validation.ValidationException;
-import org.opensaml.xml.validation.Validator;
-
-import eu.stork.peps.auth.engine.core.QAAAttribute;
-
-/**
- * The Class QAAAttributeSchemaValidator.
- * 
- * @author fjquevedo
- */
-public class QAAAttributeSchemaValidator implements Validator<QAAAttribute> {
-
-
-	/**
-	 * Validate action.
-	 * 
-	 * @param qaa the quality authentication assurance level attribute
-	 * 
-	 * @throws ValidationException the validation exception
-	 */
-	public final void validate(final QAAAttribute qaa) throws ValidationException {
-		validateAction(qaa);
-	}
-
-
-	/**
-	 * Validate action.
-	 * 
-	 * @param qaaAttribute the quality authentication assurance level attribute.
-	 * 
-	 * @throws ValidationException the validation exception
-	 */
-	protected final void validateAction(final QAAAttribute qaaAttribute)
-	throws ValidationException {
-		if (DatatypeHelper.isEmpty(qaaAttribute.getQaaLevel())) {
-			throw new ValidationException("QAALevel label must be specified.");
-		}
-
-		final int qaa = Integer.valueOf(qaaAttribute.getQaaLevel());
-
-		if (qaa < QAAAttribute.MIN_VALUE || qaa > QAAAttribute.MAX_VALUE) {
-			throw new ValidationException(
-					"QAALevel label must be greater than 0.");
-		}
-	}
-
-}
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+package eu.stork.peps.auth.engine.core.validator;
+
+import org.opensaml.xml.util.DatatypeHelper;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+import eu.stork.peps.auth.engine.core.QAAAttribute;
+
+/**
+ * The Class QAAAttributeSchemaValidator.
+ * 
+ * @author fjquevedo
+ */
+public class QAAAttributeSchemaValidator implements Validator<QAAAttribute> {
+
+
+	/**
+	 * Validate action.
+	 * 
+	 * @param qaa the quality authentication assurance level attribute
+	 * 
+	 * @throws ValidationException the validation exception
+	 */
+	public final void validate(final QAAAttribute qaa) throws ValidationException {
+		validateAction(qaa);
+	}
+
+
+	/**
+	 * Validate action.
+	 * 
+	 * @param qaaAttribute the quality authentication assurance level attribute.
+	 * 
+	 * @throws ValidationException the validation exception
+	 */
+	protected final void validateAction(final QAAAttribute qaaAttribute)
+	throws ValidationException {
+		if (DatatypeHelper.isEmpty(qaaAttribute.getQaaLevel())) {
+			throw new ValidationException("QAALevel label must be specified.");
+		}
+
+		final int qaa = Integer.valueOf(qaaAttribute.getQaaLevel());
+
+		if (qaa < QAAAttribute.MIN_VALUE || qaa > QAAAttribute.MAX_VALUE) {
+			throw new ValidationException(
+					"QAALevel label must be greater than 0.");
+		}
+	}
+
+}
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/package-info.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/package-info.java
index b98cf7157..07b632773 100644
--- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/package-info.java
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/package-info.java
@@ -1,19 +1,19 @@
-/* 
- * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence. You may
- * obtain a copy of the Licence at:
- * 
- * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * Licence for the specific language governing permissions and limitations under
- * the Licence.
- */
-
-/**
- * Validation rules for STORK 1.0 core types and elements.
- */
+/* 
+ * Licensed under the EUPL, Version 1.1 or – as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence. You may
+ * obtain a copy of the Licence at:
+ * 
+ * http://www.osor.eu/eupl/european-union-public-licence-eupl-v.1.1
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ */
+
+/**
+ * Validation rules for STORK 1.0 core types and elements.
+ */
 package eu.stork.peps.auth.engine.core.validator;
 \ No newline at end of file