From bb21974ea69b1705ef574569980a82640ca1de69 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Wed, 26 Aug 2015 13:56:30 +0200
Subject: add PVP 2.1 AuthnRequest IssueInstant validation
---
 .../gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'id/server/idserverlib')
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 075494f68..a8349f0ef 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -594,6 +594,18 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
 AuthnRequest authnRequest = (AuthnRequest)samlReq;
+ if (authnRequest.getIssueInstant() == null) {
+ Logger.warn("Unsupported request: No IssueInstant Attribute found.");
+ throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant Attribute found.", new Object[] {});
+
+ }
+
+ if (authnRequest.getIssueInstant().minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) {
+ Logger.warn("Unsupported request: No IssueInstant DateTime is not valid anymore.");
+ throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant DateTime is not valid anymore.", new Object[] {});
+
+ }
+
 //parse AssertionConsumerService
 AssertionConsumerService consumerService = null;
 if (MiscUtil.isNotEmpty(authnRequest.getAssertionConsumerServiceURL()) &&
-- 
cgit v1.2.3
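Review bot: The second added check only rejects an IssueInstant that lies more than TIME_JITTER minutes in the future; an arbitrarily old IssueInstant still passes, even though the log and exception text say "not valid anymore". If the intent is to bound how long a captured AuthnRequest stays acceptable, a lower bound is needed as well, for example `if (authnRequest.getIssueInstant().plusMinutes(<MAX_REQUEST_AGE_MINUTES placeholder>).isBeforeNow())` with the same warn-and-throw body, using a maximum-age constant that is not visible in this hunk. For the existing future-timestamp check the message would be clearer as `"Unsupported request: IssueInstant DateTime lies in the future."`. TIME_JITTER is passed to `minusMinutes`, so it is presumably defined in minutes, which is worth confirming in MOAIDAuthConstants. The enclosing method starts and ends outside the hunk.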