Example usage for javax.xml.datatype XMLGregorianCalendar isValid

List of usage examples for javax.xml.datatype XMLGregorianCalendar isValid

Introduction

This page lists usage examples for javax.xml.datatype XMLGregorianCalendar isValid.

Prototype

public abstract boolean isValid();

Source Link

Document

Validate instance by getXMLSchemaType() constraints.

Usage

From source file:org.atricore.idbus.capabilities.sso.main.sp.producers.AssertionConsumerProducer.java

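/**
 * Validates the {@code <Conditions>} element of a received SAML 2 assertion against the
 * current UTC time, the mediator's configured timestamp tolerance and this SP's entity ID.
 *
 * <p>Checks performed, in order:
 * <ul>
 *   <li>{@code NotBefore} / {@code NotOnOrAfter}, when present, must be valid XML Schema
 *       dateTime values once normalized to UTC, and the current time must not fall outside
 *       them by more than the tolerance (clock skew allowance).</li>
 *   <li>{@code NotOnOrAfter} must be later than {@code NotBefore} when both are present.</li>
 *   <li>When the condition list is non-null, at least one {@code AudienceRestriction} must be
 *       present and every {@code AudienceRestriction} must name this SP's entity ID as one of
 *       its audiences (SAML 2.0 Core 2.5.1.4: each restriction is evaluated independently, so
 *       the outcome does not depend on element order).</li>
 * </ul>
 *
 * @param response   the SAML response the conditions belong to; carried by the
 *                   {@link SSOResponseException}s raised here
 * @param conditions the assertion conditions; {@code null} means there is nothing to validate
 * @throws SSOResponseException when a condition is malformed or violated
 * @throws SSOException         when this SP's metadata is missing or is not SAML 2 metadata
 */
private void validateAssertionConditions(ResponseType response, ConditionsType conditions)
        throws SSOException, SSOResponseException {

    if (conditions == null)
        return;

    // Clock-skew tolerance in milliseconds, configured on the SSO mediator.
    long tolerance = ((AbstractSSOMediator) channel.getIdentityMediator()).getTimestampValidationTolerance();
    Calendar utcCalendar = Calendar.getInstance(TimeZone.getTimeZone("UTC"));

    // An entirely empty Conditions element carries nothing to check.
    if (conditions.getConditionOrAudienceRestrictionOrOneTimeUse() == null && conditions.getNotBefore() == null
            && conditions.getNotOnOrAfter() == null) {
        return;
    }

    logger.debug("Current time (UTC): " + utcCalendar.toString());

    XMLGregorianCalendar notBeforeUTC = null;
    XMLGregorianCalendar notOnOrAfterUTC = null;

    if (conditions.getNotBefore() != null) {
        // Normalize to UTC so the comparison with utcCalendar is timezone-independent.
        logger.debug("Conditions.NotBefore: " + conditions.getNotBefore());

        notBeforeUTC = conditions.getNotBefore().normalize();
        logger.debug("Conditions.NotBefore normalized: " + notBeforeUTC.toString());

        if (!notBeforeUTC.isValid()) {
            throw new SSOResponseException(response, StatusCode.TOP_REQUESTER,
                    StatusCode.INVALID_ATTR_NAME_OR_VALUE, StatusDetails.INVALID_UTC_VALUE,
                    notBeforeUTC.toString());
        }

        // Shift NotBefore back by the tolerance: an assertion that becomes valid within
        // 'tolerance' ms from now is accepted, to absorb IdP/SP clock skew.
        Calendar notBefore = notBeforeUTC.toGregorianCalendar();
        notBefore.add(Calendar.MILLISECOND, (int) tolerance * -1);

        if (utcCalendar.before(notBefore)) {
            throw new SSOResponseException(response, StatusCode.TOP_REQUESTER,
                    StatusCode.INVALID_ATTR_NAME_OR_VALUE, StatusDetails.NOT_BEFORE_VIOLATED,
                    notBeforeUTC.toString());
        }
    }

    // NotOnOrAfter must not be violated, again allowing the configured tolerance.
    if (conditions.getNotOnOrAfter() != null) {
        // Normalize to UTC.
        logger.debug("Conditions.NotOnOrAfter: " + conditions.getNotOnOrAfter().toString());
        notOnOrAfterUTC = conditions.getNotOnOrAfter().normalize();
        logger.debug("Conditions.NotOnOrAfter normalized: " + notOnOrAfterUTC.toString());

        if (!notOnOrAfterUTC.isValid()) {
            throw new SSOResponseException(response, StatusCode.TOP_REQUESTER,
                    StatusCode.INVALID_ATTR_NAME_OR_VALUE, StatusDetails.INVALID_UTC_VALUE,
                    notOnOrAfterUTC.toString());
        }

        // Shift NotOnOrAfter forward by the tolerance (clock skew).
        Calendar notOnOrAfter = notOnOrAfterUTC.toGregorianCalendar();
        notOnOrAfter.add(Calendar.MILLISECOND, (int) tolerance);

        if (utcCalendar.after(notOnOrAfter)) {
            throw new SSOResponseException(response, StatusCode.TOP_REQUESTER,
                    StatusCode.INVALID_ATTR_NAME_OR_VALUE, StatusDetails.NOT_ONORAFTER_VIOLATED,
                    notOnOrAfterUTC.toString());
        }
    }

    // The validity window must be non-empty when both bounds are given.
    if (notBeforeUTC != null && notOnOrAfterUTC != null && notOnOrAfterUTC.compare(notBeforeUTC) <= 0) {
        throw new SSOResponseException(response, StatusCode.TOP_REQUESTER,
                StatusCode.INVALID_ATTR_NAME_OR_VALUE, StatusDetails.INVALID_CONDITION,
                "'Not On or After' earlier that 'Not Before'");
    }

    // Our SAML 2 entity ID must be part of the audience; fetch it from our own metadata.
    CircleOfTrustMemberDescriptor sp = this.getCotMemberDescriptor();
    MetadataEntry spMd = sp.getMetadata();

    if (spMd == null || spMd.getEntry() == null)
        throw new SSOException("No metadata descriptor found for SP " + sp);

    // Report the actual entry type on failure (the previous message always printed "null").
    Object mdEntry = spMd.getEntry();
    if (!(mdEntry instanceof EntityDescriptorType)) {
        throw new SSOException("Unsupported Metadata type " + mdEntry.getClass().getName()
                + ", SAML 2 Metadata expected");
    }
    EntityDescriptorType md = (EntityDescriptorType) mdEntry;

    if (conditions.getConditionOrAudienceRestrictionOrOneTimeUse() != null) {
        // Every AudienceRestriction must be satisfied independently (SAML 2.0 Core 2.5.1.4); a
        // restriction is satisfied when any of its Audience values is our entity ID. Evaluating
        // the AND over all restrictions after the loop keeps the result independent of element
        // order, so a later restriction that excludes this SP can no longer be masked by an
        // earlier one that included it. As before, no AudienceRestriction at all is rejected.
        String spEntityId = md.getEntityID();
        boolean sawAudienceRestriction = false;
        boolean spInAllAudiences = true;

        for (ConditionAbstractType conditionAbs : conditions.getConditionOrAudienceRestrictionOrOneTimeUse()) {
            if (!(conditionAbs instanceof AudienceRestrictionType))
                continue;

            AudienceRestrictionType audienceRestriction = (AudienceRestrictionType) conditionAbs;
            if (audienceRestriction.getAudience() == null)
                continue;

            sawAudienceRestriction = true;
            boolean spInAudience = false;
            for (String audience : audienceRestriction.getAudience()) {
                if (audience.equals(spEntityId)) {
                    spInAudience = true;
                    break;
                }
            }
            spInAllAudiences = spInAllAudiences && spInAudience;
        }

        if (!sawAudienceRestriction || !spInAllAudiences) {
            logger.error("SP is not in Audience list.");
            throw new SSOResponseException(response, StatusCode.TOP_REQUESTER,
                    StatusCode.INVALID_ATTR_NAME_OR_VALUE, StatusDetails.NOT_IN_AUDIENCE);
        }
    }

}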