From 5848cd0057ad9f607e8c117c18481f5caebfd357 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 24 Mar 2016 17:03:22 +0100
Subject: update Session-Transfer-Module to restore session

---
 .../pvp2x/verification/SAMLVerificationEngineSP.java       | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

(limited to 'id/server/idserverlib/src/main/java')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
index d9bc7daaf..385fe90fb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
@@ -62,7 +62,7 @@ import at.gv.egovernment.moa.logging.Logger;
 public class SAMLVerificationEngineSP extends SAMLVerificationEngine {
 	
 	@Autowired AuthConfiguration authConfig;
-	
+
 	/**
 	 * Validate a PVP response and all included assertions
 	 * 
@@ -74,6 +74,13 @@ public class SAMLVerificationEngineSP extends SAMLVerificationEngine {
 	 * @throws AssertionValidationExeption
 	 */
 	public void validateAssertion(Response samlResp, boolean validateDestination, Credential assertionDecryption, String spEntityID, String loggerSPName) throws AssertionValidationExeption {
+		validateAssertion(samlResp, validateDestination, assertionDecryption, spEntityID, loggerSPName, true);
+		
+	}
+	
+	
+	public void validateAssertion(Response samlResp, boolean validateDestination, Credential assertionDecryption, String spEntityID, String loggerSPName,
+			boolean validateDateTime) throws AssertionValidationExeption {
 		try {
 			if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
 				List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>();
@@ -102,7 +109,7 @@ public class SAMLVerificationEngineSP extends SAMLVerificationEngine {
 					throw new AssertionValidationExeption("sp.pvp2.07", new Object[]{loggerSPName, "'IssueInstant' attribute is not included"});
 					
 				} 								
-				if (issueInstant.minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) {
+				if (validateDateTime && issueInstant.minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) {
 					Logger.warn("PVP response: IssueInstant DateTime is not valid anymore.");
 					throw new AssertionValidationExeption("sp.pvp2.07", new Object[]{loggerSPName, "'IssueInstant' Time is not valid any more"});
 					
@@ -150,7 +157,8 @@ public class SAMLVerificationEngineSP extends SAMLVerificationEngine {
 						if (conditions != null) {
 							DateTime notbefore = conditions.getNotBefore().minusMinutes(5);
 							DateTime notafter = conditions.getNotOnOrAfter();
-							if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) {
+							if (validateDateTime &&  
+									(notbefore.isAfterNow() || notafter.isBeforeNow()) ) {
 								isAssertionValid = false;
 								Logger.info("Assertion:" + saml2assertion.getID() 
 										+ " is out of Date. "
-- 
cgit v1.2.3