/**
 * Extracts the validity window from a SubjectConfirmationData element.
 *
 * The NotOnOrAfter and NotBefore values are first checked by isWithinValidTimeWindow using
 * the supplied skew. Only when that check passes and NotOnOrAfter is present is the pair
 * recorded, as a single map entry keyed by NotOnOrAfter with NotBefore as its value
 * (the value may be null). In every other case the returned map is empty.
 *
 * NOTE(review): an empty map is the only signal that no usable window was found, so callers
 * presumably have to treat it as a validation failure. Confirm at the call site.
 *
 * @param subjectConfirmationData element whose NotBefore / NotOnOrAfter attributes are read
 * @param timeSkew                skew passed through to isWithinValidTimeWindow
 * @return a map holding at most one NotOnOrAfter -> NotBefore entry
 * @throws IdentityOAuth2Exception declared by the signature; not thrown directly in this body
 */
private Map<DateTime, DateTime> getValidNotBeforeAndAfterDetails(SubjectConfirmationData subjectConfirmationData,
                                                                 long timeSkew) throws IdentityOAuth2Exception {

    Map<DateTime, DateTime> validityWindow = new HashMap<>();
    DateTime expiry = subjectConfirmationData.getNotOnOrAfter();
    DateTime start = subjectConfirmationData.getNotBefore();

    // Outside the accepted window: report nothing.
    if (!isWithinValidTimeWindow(expiry, start, timeSkew)) {
        return validityWindow;
    }

    // Without NotOnOrAfter there is no upper bound to record; leave the map empty.
    if (expiry == null) {
        if (log.isDebugEnabled()) {
            log.debug("Cannot find valid NotOnOrAfter and NotBefore attributes in " + "SubjectConfirmationData "
                    + subjectConfirmationData.toString());
        }
        return validityWindow;
    }

    validityWindow.put(expiry, start);
    return validityWindow;
}
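/**
 * Validates the <code>NotBefore</code> condition of the {@link SubjectConfirmationData}, if any is present.
 *
 * The current UTC time is advanced by the configured clock skew before the comparison, so a
 * <code>NotBefore</code> that lies at most one skew interval in the future is still accepted.
 *
 * @param confirmation confirmation method, with {@link SubjectConfirmationData}, being validated
 * @param assertion assertion bearing the confirmation method
 * @param context current validation context
 *
 * @return {@link ValidationResult#INVALID} if <code>NotBefore</code> is set and is later than the skewed current
 *         time, otherwise {@link ValidationResult#VALID}
 */
protected ValidationResult validateNotBefore(SubjectConfirmation confirmation, Assertion assertion,
        ValidationContext context) {
    DateTime skewedNow = new DateTime(ISOChronology.getInstanceUTC()).plus(getClockSkew(context));

    // NOTE(review): getSubjectConfirmationData() is dereferenced without a null check here;
    // presumably the caller only invokes this when the element is present. Confirm.
    DateTime notBefore = confirmation.getSubjectConfirmationData().getNotBefore();

    if (notBefore != null && notBefore.isAfter(skewedNow)) {
        // The values are passed as format arguments. Concatenating them onto the format string
        // left both '%s' placeholders without arguments, which makes String.format throw
        // MissingFormatArgumentException instead of recording the failure message.
        context.setValidationFailureMessage(String.format(
                "Subject confirmation, in assertion '%s', with NotBefore condition of '%s' is not yet valid",
                assertion.getID(), notBefore));
        return ValidationResult.INVALID;
    }

    return ValidationResult.VALID;
}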
// Marshalling excerpt: copies the NotBefore value of a SubjectConfirmationData object
// onto its DOM element as an attribute.
SubjectConfirmationData subjectCD = (SubjectConfirmationData) samlObject;

// The attribute is written only when NotBefore is set on the object.
if (subjectCD.getNotBefore() != null) {
    // Render the timestamp with the configured SAML date formatter.
    String notBeforeStr = Configuration.getSAMLDateFormatter().print(subjectCD.getNotBefore());
    // A null namespace URI sets the attribute without a namespace.
    domElement.setAttributeNS(null, SubjectConfirmationData.NOT_BEFORE_ATTRIB_NAME, notBeforeStr);
// (excerpt ends here; the closing brace of the if is not shown)
/**
 * Copies the assertion ID and the validity period of the wrapped SAML assertion onto this object.
 *
 * The validity period is read from the Conditions element when the assertion has one;
 * otherwise it is read from the SubjectConfirmationData of the first SubjectConfirmation.
 * A bound that is absent in the chosen source is simply not set.
 */
protected void processSAMLAssertion() {
    this.setAssertionId(assertion.getID());
    Subject subject = assertion.getSubject();

    Conditions conditions = assertion.getConditions();
    if (conditions == null) {
        // No Conditions element: fall back to the first SubjectConfirmation's data.
        // NOTE(review): this path dereferences subject, element 0 of its confirmations and
        // the confirmation data without checks, so an assertion lacking any of them fails
        // here with a runtime exception. Also, when Conditions exists but carries no bounds,
        // the SubjectConfirmationData is never consulted and both dates stay unset. Confirm
        // that downstream validation rejects an assertion with no recorded expiry.
        SubjectConfirmationData scData =
                subject.getSubjectConfirmations().get(0).getSubjectConfirmationData();
        if (scData.getNotBefore() != null) {
            this.setDateNotBefore(scData.getNotBefore().toDate());
        }
        if (scData.getNotOnOrAfter() != null) {
            this.setDateNotOnOrAfter(scData.getNotOnOrAfter().toDate());
        }
        return;
    }

    // Conditions present: take whichever bounds it declares.
    if (conditions.getNotBefore() != null) {
        this.setDateNotBefore(conditions.getNotBefore().toDate());
    }
    if (conditions.getNotOnOrAfter() != null) {
        this.setDateNotOnOrAfter(conditions.getNotOnOrAfter().toDate());
    }
}
// Check the SubjectConfirmationData validity window: its NotBefore and NotOnOrAfter values
// are handed to validateTime together with `now` and `maxTimeOffset`.
// NOTE(review): maxTimeOffset is presumably the clock-skew tolerance, and either bound is
// null when the attribute is absent. Confirm that validateTime handles null bounds and
// that the tolerance is kept small.
validateTime(now,
        subjectConfirmationData.getNotBefore(),
        subjectConfirmationData.getNotOnOrAfter(),
        maxTimeOffset);
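// Holder-of-key confirmation: enforce the validity window carried by the
// SubjectConfirmationData before accepting this SubjectConfirmation.

// A NotBefore that is still in the future means the confirmation is not yet usable.
if (data.getNotBefore() != null && data.getNotBefore().isAfterNow()) {
    log.debug("HoK SubjectConfirmation invalidated by notBefore field");
    continue;
}

// The expiry test is guarded on NotOnOrAfter itself. Guarding it on NotBefore skipped the
// expiry check whenever NotBefore was absent (letting an expired confirmation through) and
// dereferenced a null NotOnOrAfter whenever only NotBefore was present.
// NOTE(review): both comparisons use the local clock with no skew allowance visible here.
if (data.getNotOnOrAfter() != null && data.getNotOnOrAfter().isBeforeNow()) {
    log.debug("HoK SubjectConfirmation invalidated by expired notOnOrAfter");
    continue;
}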
// Bearer confirmation: the mere presence of NotBefore on the SubjectConfirmationData
// disqualifies this SubjectConfirmation, and processing moves on to the next candidate.
// The SAML 2.0 Web Browser SSO profile states that bearer confirmation data must not
// contain a NotBefore attribute, which is what the log message calls "forbidden".
// NOTE(review): the rejection is recorded at debug level only; check whether monitoring
// needs it at a level that is enabled in production.
if (data.getNotBefore() != null) {
    log.debug("Bearer SubjectConfirmation invalidated by not before which is forbidden");
    continue;
// (excerpt ends here; the closing brace of the if is not shown)
// Bearer confirmation: the presence of NotBefore on the SubjectConfirmationData is treated
// as a hard failure, and the whole assertion is rejected with a SAMLException.
// The SAML 2.0 Web Browser SSO profile states that bearer confirmation data must not
// contain a NotBefore attribute.
// The specific reason is printed to standard output, while the exception itself carries
// only a generic message.
// NOTE(review): standard output is often not captured by the logging pipeline; confirm the
// rejection reason is recorded somewhere operators can see it.
if (data.getNotBefore() != null) {
    System.out.println("Assertion contains not before in bearer confirmation, which is forbidden");
    throw new SAMLException("SAML Assertion is invalid");
// (excerpt ends here; the closing brace of the if is not shown)