From d9550b5e3f24a0f6013502dcc632c4d2730a6749 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Wed, 22 Jan 2014 13:28:46 +0100
Subject: change PVP2 AssertionBuilder to use the same DateTime at every position
---
 .../pvp2x/builder/assertion/PVP2AssertionBuilder.java | 12 ++++++------
 .../protocols/pvp2x/requestHandler/AuthnRequestHandler.java | 6 ++++--
 2 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index d1d79373c..9e2c89583 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -57,7 +57,7 @@ import at.gv.egovernment.moa.util.Constants;
 public class PVP2AssertionBuilder implements PVPConstants {
 public static Assertion buildAssertion(AuthnRequest authnRequest,
- AuthenticationSession authSession, EntityDescriptor peerEntity)
+ AuthenticationSession authSession, EntityDescriptor peerEntity, DateTime date)
 throws MOAIDException {
 Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
@@ -137,7 +137,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
 AuthnStatement authnStatement = SAML2Utils
 .createSAMLObject(AuthnStatement.class);
 String remoteSessionID = SAML2Utils.getSecureIdentifier();
- authnStatement.setAuthnInstant(new DateTime());
+ authnStatement.setAuthnInstant(date);
 // currently dummy id ...
 authnStatement.setSessionIndex(remoteSessionID);
 authnStatement.setAuthnContext(authnContext);
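Review bot: The new `DateTime date` parameter of `PVP2AssertionBuilder.buildAssertion` is undocumented and never checked for null, although later hunks of this file call `date.plusMinutes(5)` on it, so a null argument would fail with a NullPointerException partway through assembling the assertion. I would add a Javadoc line such as `@param date instant used for IssueInstant, AuthnInstant and NotBefore, and as the base of both NotOnOrAfter limits; must not be null`, and reject null at the top of the method, e.g. `if (date == null) throw new IllegalArgumentException("date must not be null");`. Only the signature is visible in this hunk; the body continues outside it, and any other callers of this public static method are not shown in the patch.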
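Review bot: In `buildAssertion`, `authnStatement.setAuthnInstant(date)` records the moment the response is built as the time of authentication, which is only accurate when the user authenticated during this same request. If `authSession` can be an already established session (it is passed in, but its contents are not visible here), a service provider that enforces a maximum authentication age would be told the login is fresh when it is not. Consider taking AuthnInstant from the session's recorded authentication time and keeping `date` for the issue and validity fields, or add a comment such as `// AuthnInstant equals issue time: authentication always completes in this request` if that invariant holds. The surrounding method starts and ends outside this hunk.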
@@ -300,7 +300,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
 SubjectConfirmationData subjectConfirmationData = SAML2Utils
 .createSAMLObject(SubjectConfirmationData.class);
 subjectConfirmationData.setInResponseTo(authnRequest.getID());
- subjectConfirmationData.setNotOnOrAfter(new DateTime().plusMinutes(5));
+ subjectConfirmationData.setNotOnOrAfter(date.plusMinutes(5));
 //TL: change from entityID to destination URL
 AssertionConsumerService consumerService = spSSODescriptor
@@ -323,9 +323,9 @@ public class PVP2AssertionBuilder implements PVPConstants {
 audience.setAudienceURI(peerEntity.getEntityID());
 audienceRestriction.getAudiences().add(audience);
- conditions.setNotBefore(new DateTime());
+ conditions.setNotBefore(date);
- conditions.setNotOnOrAfter(new DateTime().plusMinutes(5));
+ conditions.setNotOnOrAfter(date.plusMinutes(5));
 // conditions.setNotOnOrAfter(new DateTime());
 conditions.getAudienceRestrictions().add(audienceRestriction);
@@ -342,7 +342,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
 assertion.setIssuer(issuer);
 assertion.setSubject(subject);
 assertion.setID(SAML2Utils.getSecureIdentifier());
- assertion.setIssueInstant(new DateTime());
+ assertion.setIssueInstant(date);
 return assertion;
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 4128a406b..89285bad1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
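Review bot: In `PVP2AssertionBuilder.buildAssertion`, the validity window is the literal `5` in `subjectConfirmationData.setNotOnOrAfter(date.plusMinutes(5))` and again in `conditions.setNotOnOrAfter(date.plusMinutes(5))` in the following hunk, so the two limits that bound how long an issued assertion stays acceptable can drift apart when only one is edited. Since the commit already aligns the base time, I would compute the expiry once, e.g. `DateTime notOnOrAfter = date.plusMinutes(ASSERTION_VALIDITY_MINUTES);`, and pass it to both setters. `ASSERTION_VALIDITY_MINUTES` is a suggested name, not an existing constant. The enclosing method begins and ends outside these hunks.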
@@ -77,7 +77,9 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
 AuthnRequest authnRequest = (AuthnRequest) obj.getSamlRequest();
 EntityDescriptor peerEntity = obj.getEntityMetadata();
- Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity);
+ DateTime date = new DateTime();
+
+ Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity, date);
 Response authResponse = SAML2Utils.createSAMLObject(Response.class);
@@ -93,7 +95,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
 authResponse.setInResponseTo(authnRequest.getID());
 //SAML2 response required IssueInstant
- authResponse.setIssueInstant(new DateTime());
+ authResponse.setIssueInstant(date);
 authResponse.setStatus(SAML2Utils.getSuccessStatus());
-- 
cgit v1.2.3
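Review bot: In `AuthnRequestHandler`, the local `date` added in the first hunk is the single issue instant for both the Response and the Assertion, but neither the name nor a comment says so, and a later edit could reintroduce a second `new DateTime()`. I would rename it to `issueInstant` and add `// one timestamp for Response and Assertion so IssueInstant, NotBefore and NotOnOrAfter are mutually consistent`. Sharing the instance is safe only if `DateTime` is immutable, as Joda-Time's is; the import is not visible in the patch. The handler method continues outside this hunk.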