Author: sguilhen(a)redhat.com
Date: 2009-06-03 10:44:13 -0400 (Wed, 03 Jun 2009)
New Revision: 568
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAML20TokenProvider.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAMLUtil.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/AssertionUtil.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/XMLTimeUtil.java
Log:
JBID-124: Changed SAML20TokenProvider to use the hasExpired method from AssertionUtil.
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAML20TokenProvider.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAML20TokenProvider.java 2009-06-03
14:36:05 UTC (rev 567)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAML20TokenProvider.java 2009-06-03
14:44:13 UTC (rev 568)
@@ -40,7 +40,9 @@
import org.jboss.identity.federation.api.wstrust.WSTrustException;
import org.jboss.identity.federation.api.wstrust.WSTrustRequestContext;
import org.jboss.identity.federation.api.wstrust.WSTrustUtil;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
+import org.jboss.identity.federation.core.saml.v2.util.AssertionUtil;
import org.jboss.identity.federation.core.wstrust.Lifetime;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType;
@@ -207,16 +209,16 @@
// if the signature is valid, check the lifetime.
try
{
- if(!SAMLUtil.isLifetimeValid(assertion))
+ if(AssertionUtil.hasExpired(assertion))
{
code = WSTrustConstants.STATUS_CODE_INVALID;
reason = "Validation failure: assertion expired or used before its
lifetime period";
}
}
- catch(Exception e)
+ catch(ConfigurationException ce)
{
code = WSTrustConstants.STATUS_CODE_INVALID;
- reason = "Validation failure: unable to verify assertion lifetime:
" + e.getMessage();
+ reason = "Validation failure: unable to verify assertion lifetime:
" + ce.getMessage();
}
}
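Review bot: Narrowing the catch to `ConfigurationException` means an unchecked exception thrown while evaluating the lifetime no longer sets `STATUS_CODE_INVALID` in this block. The XMLTimeUtil.java hunk in this commit calls `notOnOrAfter.compare(now)`, and NotOnOrAfter is optional in SAML 2.0, so unless a null guard exists outside the visible lines, an assertion that omits it would escape this handler as a NullPointerException. What happens to the validation status in that case is not visible, since the enclosing method starts and ends outside the hunk. A token validator should fail closed explicitly, for example by adding `catch(RuntimeException re)` that sets the invalid code with a fixed reason, or by making the helpers null-safe. If `reason` is returned to the requester, consider logging `ce.getMessage()` and returning a generic reason instead of concatenating it.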
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAMLUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAMLUtil.java 2009-06-03
14:36:05 UTC (rev 567)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAMLUtil.java 2009-06-03
14:44:13 UTC (rev 568)
@@ -21,23 +21,16 @@
*/
package org.jboss.identity.federation.api.wstrust.plugins.saml;
-import java.util.GregorianCalendar;
-
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
-import javax.xml.datatype.DatatypeConfigurationException;
-import javax.xml.datatype.DatatypeConstants;
-import javax.xml.datatype.DatatypeFactory;
-import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.dom.DOMResult;
import org.jboss.identity.federation.api.wstrust.WSTrustConstants;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
-import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
import org.jboss.identity.federation.saml.v2.assertion.ObjectFactory;
import org.w3c.dom.Document;
@@ -108,35 +101,6 @@
/**
* <p>
- * Checks if the specified assertion is being used within its lifetime period.
- * </p>
- *
- * @param assertion the {@code AssertionType} whose lifetime is being validated.
- * @return {@code true} if the specified assertion's lifetime is valid; {@code
false} otherwise.
- * @throws DatatypeConfigurationException if a configuration error prevents us from
creating a
- * {@code XMLGregorianCalendar} that represents the current time. This
object is compared to the lifetime
- * boundaries specified by the assertion conditions.
- */
- public static boolean isLifetimeValid(AssertionType assertion) throws
DatatypeConfigurationException
- {
- DatatypeFactory factory = DatatypeFactory.newInstance();
-
- // construct a XMLGregorianCalendar representing the current UTC time.
- XMLGregorianCalendar currentTime = factory.newXMLGregorianCalendar(new
GregorianCalendar()).normalize();
- ConditionsType conditions = assertion.getConditions();
-
- // compare the current time with the conditions of the assertion.
- XMLGregorianCalendar notBefore = conditions.getNotBefore();
- XMLGregorianCalendar notOnOrAfter = conditions.getNotOnOrAfter();
-
- boolean isNotBefore = currentTime.compare(notBefore) != DatatypeConstants.LESSER;
- boolean isNotOnOrAfter = currentTime.compare(notOnOrAfter) ==
DatatypeConstants.LESSER;
-
- return isNotBefore && isNotOnOrAfter;
- }
-
- /**
- * <p>
* A {@code NamespacePrefixMapper} implementation that maps the most used namespaces
to commonly used prefixes.
* </p>
*
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/AssertionUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/AssertionUtil.java 2009-06-03
14:36:05 UTC (rev 567)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/AssertionUtil.java 2009-06-03
14:44:13 UTC (rev 568)
@@ -44,7 +44,7 @@
ConditionsType conditionsType = assertion.getConditions();
if(conditionsType != null)
{
- return XMLTimeUtil.isValid(XMLTimeUtil.getIssueInstant(),
+ return !XMLTimeUtil.isValid(XMLTimeUtil.getIssueInstant(),
conditionsType.getNotBefore(), conditionsType.getNotOnOrAfter());
}
//TODO: if conditions do not exist, assume the assertion to be everlasting?
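Review bot: When `getConditions()` returns null the method falls through to the TODO, so an assertion with no Conditions element is never checked against a validity window. The return statement after the TODO is outside this hunk, but the comment suggests such an assertion is treated as not expired. For a helper that now gates token validation in SAML20TokenProvider, that default should be a deliberate, documented decision rather than an open TODO. I would replace the TODO with a comment such as `// No Conditions element: no validity window is asserted; callers that require a bounded lifetime must reject this case` and repeat it in the Javadoc, or return `true` here if unbounded assertions are not acceptable. `XMLTimeUtil.getIssueInstant()` is used as the current time, which reads oddly next to an assertion's own IssueInstant, so a short comment there would help.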
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/XMLTimeUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/XMLTimeUtil.java 2009-06-03
14:36:05 UTC (rev 567)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/XMLTimeUtil.java 2009-06-03
14:44:13 UTC (rev 568)
@@ -126,7 +126,7 @@
return false;
val = notOnOrAfter.compare(now);
- if(val == DatatypeConstants.INDETERMINATE || val == DatatypeConstants.LESSER)
+ if(val != DatatypeConstants.GREATER)
return false;
return true;
}
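Review bot: `notOnOrAfter.compare(now)` dereferences `notOnOrAfter` with no null check in the visible lines, and SAML 2.0 allows a Conditions element to carry only one of NotBefore and NotOnOrAfter. If no guard exists earlier in the method (it starts outside this hunk), an assertion without that attribute raises a NullPointerException instead of producing a validity decision. Decide the policy explicitly and document it, for example `if(notOnOrAfter == null) return false;` before the comparison when issued tokens must have a bounded lifetime. The comparison also allows no clock-skew tolerance, which is worth stating in the method's Javadoc so callers know the check is exact.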