Merge pull request #320 from mauromol/add-last-message-issue-instant

Add Auth.getLastMessageIssueInstant and Auth.getLastRequestIssueInstant

Author: pitbulk

core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java

@@ -261,4 +261,13 @@ public String getId()
 	{
 		return id;
 	}
+	
+	/**
+	 * Returns the issue instant of this message.
+	 * 
+	 * @return a new {@link Calendar} instance carrying the issue instant of this message
+	 */
+	public Calendar getIssueInstant() {
+		return issueInstant == null? null: (Calendar) issueInstant.clone();
+	}
 }

core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java

@@ -4,6 +4,7 @@
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
+import java.util.Calendar;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -1243,4 +1244,30 @@ protected void validateSpNameQualifier(final String spNameQualifier) throws Vali
 			throw new ValidationError("The SPNameQualifier value mismatch the SP entityID value.", ValidationError.SP_NAME_QUALIFIER_NAME_MISMATCH);
 		}
 	}
+
+	/**
+	 * Returns the issue instant of this message.
+	 *
+	 * @return a new {@link Calendar} instance carrying the issue instant of this message
+	 * @throws ValidationError
+	 *             if the found IssueInstant attribute is not in the expected
+	 *             UTC form of ISO-8601 format
+	 */
+	public Calendar getResponseIssueInstant() throws ValidationError {
+		final Element rootElement = getSAMLResponseDocument()
+				.getDocumentElement();
+		final String issueInstantString = rootElement.hasAttribute(
+				"IssueInstant")? rootElement.getAttribute("IssueInstant"): null;
+		if(issueInstantString == null)
+			return null;
+		final Calendar result = Calendar.getInstance();
+		try {
+			result.setTimeInMillis(Util.parseDateTime(issueInstantString).getMillis());
+		} catch (final IllegalArgumentException e) {
+			throw new ValidationError(
+					"The Response IssueInstant attribute is not in the expected UTC form of ISO-8601 format",
+					ValidationError.INVALID_ISSUE_INSTANT_FORMAT);
+		}
+		return result;
+	}
 }

core/src/main/java/com/onelogin/saml2/exception/ValidationError.java

@@ -53,6 +53,7 @@ public class ValidationError extends SAMLException {
 	public static final int NOT_SUPPORTED = 46;
 	public static final int KEY_ALGORITHM_ERROR = 47;
 	public static final int MISSING_ENCRYPTED_ELEMENT = 48;
+	public static final int INVALID_ISSUE_INSTANT_FORMAT = 49;
 
 	private int errorCode;
 

core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java

@@ -142,7 +142,9 @@ public LogoutRequest(Saml2Settings settings, HttpRequest request, String nameId,
 			logoutRequestString = substitutor.replace(getLogoutRequestTemplate());
 		} else {
 			logoutRequestString = Util.base64decodedInflated(samlLogoutRequest);
-			id = getId(logoutRequestString);
+			Document doc = Util.loadXML(logoutRequestString);
+			id = getId(doc);
+			issueInstant = getIssueInstant(doc);
 		}
 	}
 
@@ -473,14 +475,14 @@ public Boolean isValid() {
 		}
 	}
 
-    /**
-     * Returns the ID of the Logout Request Document.
-     *
+      /**
+       * Returns the ID of the Logout Request Document.
+       *
 	 * @param samlLogoutRequestDocument
 	 * 				A DOMDocument object loaded from the SAML Logout Request.
 	 *
-     * @return the ID of the Logout Request.
-     */
+       * @return the ID of the Logout Request.
+       */
 	public static String getId(Document samlLogoutRequestDocument) {
 		String id = null;
 		try {
@@ -491,19 +493,55 @@ public static String getId(Document samlLogoutRequestDocument) {
 		return id;
 	}
 
-    /**
-     * Returns the ID of the Logout Request String.
-     *
-	 * @param samlLogoutRequestString
-	 * 				A Logout Request string.
-	 *
-     * @return the ID of the Logout Request.
-     *
-     */
+      /**
+       * Returns the issue instant of the Logout Request Document.
+       *
+       * @param samlLogoutRequestDocument
+       * 				A DOMDocument object loaded from the SAML Logout Request.
+       *
+       * @return the issue instant of the Logout Request.
+       */
+	public static Calendar getIssueInstant(Document samlLogoutRequestDocument) {
+		Calendar issueInstant = null;
+		try {
+			Element rootElement = samlLogoutRequestDocument.getDocumentElement();
+			rootElement.normalize();
+			String issueInstantString = rootElement.hasAttribute(
+					"IssueInstant")? rootElement.getAttribute("IssueInstant"): null;
+			if(issueInstantString == null)
+				return null;
+			issueInstant = Calendar.getInstance();
+			issueInstant.setTimeInMillis(Util.parseDateTime(issueInstantString).getMillis());
+		} catch (Exception e) {}
+		return issueInstant;
+	}
+
+      /**
+       * Returns the ID of the Logout Request String.
+       *
+       * @param samlLogoutRequestString
+       * 				A Logout Request string.
+       *
+       * @return the ID of the Logout Request.
+       *
+       */
 	public static String getId(String samlLogoutRequestString) {
 		Document doc = Util.loadXML(samlLogoutRequestString);
 		return getId(doc);
 	}
+	
+      /**
+       * Returns the issue instant of the Logout Request Document.
+       *
+       * @param samlLogoutRequestDocument
+       * 				A DOMDocument object loaded from the SAML Logout Request.
+       *
+       * @return the issue instant of the Logout Request.
+       */
+	public static Calendar getIssueInstant(String samlLogoutRequestString) {
+		Document doc = Util.loadXML(samlLogoutRequestString);
+		return getIssueInstant(doc);
+	}
 
 	/**
      * Gets the NameID Data from the the Logout Request Document.
@@ -762,4 +800,13 @@ public String getId()
 	{
 		return id;
 	}
+
+	/**
+	 * Returns the issue instant of this message.
+	 * 
+	 * @return a new {@link Calendar} instance carrying the issue instant of this message
+	 */
+	public Calendar getIssueInstant() {
+		return issueInstant == null? null: (Calendar) issueInstant.clone();
+	}
 }

core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java

@@ -478,7 +478,7 @@ public Exception getValidationException() {
 	}
 
 	/**
-	 * Sets the validation exception that this {@link LogoutResponse} should return
+ 	 * Sets the validation exception that this {@link LogoutResponse} should return
 	 * when a validation error occurs.
 	 * 
 	 * @param validationException
@@ -487,4 +487,33 @@ public Exception getValidationException() {
 	protected void setValidationException(Exception validationException) {
 		this.validationException = validationException;
 	}
+	
+	/**
+	 * Returns the issue instant of this message.
+	 *
+	 * @return a new {@link Calendar} instance carrying the issue instant of this message
+	 * @throws ValidationError
+	 *             if this logout response was received and parsed and the found IssueInstant 
+	 *             attribute is not in the expected UTC form of ISO-8601 format
+	 */
+	public Calendar getIssueInstant() throws ValidationError {
+		if(logoutResponseDocument != null) {
+			final Element rootElement = logoutResponseDocument
+					.getDocumentElement();
+			final String issueInstantString = rootElement.hasAttribute(
+					"IssueInstant")? rootElement.getAttribute("IssueInstant"): null;
+			if(issueInstantString == null)
+				return null;
+			final Calendar result = Calendar.getInstance();
+			try {
+				result.setTimeInMillis(Util.parseDateTime(issueInstantString).getMillis());
+			} catch (final IllegalArgumentException e) {
+				throw new ValidationError(
+						"The Response IssueInstant attribute is not in the expected UTC form of ISO-8601 format",
+						ValidationError.INVALID_ISSUE_INSTANT_FORMAT);
+			}
+			return result;
+		} else
+			return issueInstant == null? null: (Calendar) issueInstant.clone();
+	}
 }

core/src/test/java/com/onelogin/saml2/test/authn/AuthnRequestTest.java

@@ -4,11 +4,15 @@
 import static org.hamcrest.CoreMatchers.not;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertThat;
+import static org.junit.Assert.assertTrue;
 
 import java.util.ArrayList;
+import java.util.Calendar;
 import java.util.List;
 
+import org.junit.Assert;
 import org.junit.Test;
 
 import com.onelogin.saml2.authn.AuthnRequest;
@@ -327,6 +331,32 @@ public void testGetId() throws Exception
 		assertThat(authnRequestStr, containsString("ID=\"" + authnRequest.getId() + "\""));
 	}
 
+	/**
+	 * Tests the getId method of AuthnRequest
+	 *
+	 * @throws Exception
+	 * 
+	 * @see com.onelogin.saml2.authn.AuthnRequest.getId
+	 */
+	@Test
+	public void testGetIssueInstant() throws Exception
+	{
+		Saml2Settings settings = new SettingsBuilder().fromFile("config/config.min.properties").build();
+
+		final long start = System.currentTimeMillis();
+		AuthnRequest authnRequest = new AuthnRequest(settings);
+		final long end = System.currentTimeMillis();
+		final String authnRequestStr = Util.base64decodedInflated(authnRequest.getEncodedAuthnRequest());
+
+		final Calendar issueInstant = authnRequest.getIssueInstant();
+		assertNotNull(issueInstant);
+		final long millis = issueInstant.getTimeInMillis();
+		assertTrue(millis >= start && millis <= end);
+		
+		assertThat(authnRequestStr, containsString("<samlp:AuthnRequest"));
+		assertThat(authnRequestStr, containsString("IssueInstant=\"" + Util.formatDateTime(millis) + "\""));
+	}
+
 	/**
 	 * Tests the AuthnRequest Constructor
 	 * The creation of a deflated SAML Request with and without Destination

core/src/test/java/com/onelogin/saml2/test/authn/AuthnResponseTest.java

@@ -29,6 +29,7 @@
 
 import java.io.IOException;
 import java.util.ArrayList;
+import java.util.Calendar;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -478,6 +479,29 @@ public void testGetNameIdData() throws Exception {
 		assertTrue(samlResponse.getNameIdData().isEmpty());
 	}
 
+	/**
+	 * Tests the getIssueInstant method of SamlResponse
+	 *
+	 * @throws Exception
+	 *
+	 * @see com.onelogin.saml2.authn.SamlResponse#getResponseIssueInstant()
+	 */
+	@Test
+	public void testGetIssueInstant() throws Exception {
+		Saml2Settings settings = new SettingsBuilder().fromFile("config/config.my.properties").build();
+		String samlResponseEncoded = Util.getFileAsString("data/responses/response1.xml.base64");
+		SamlResponse samlResponse = new SamlResponse(settings, newHttpRequest(samlResponseEncoded));
+		assertEquals("2010-11-18T21:57:37Z", Util.formatDateTime(samlResponse.getResponseIssueInstant().getTimeInMillis()));
+
+		samlResponseEncoded = Util.getFileAsString("data/responses/response_encrypted_nameid.xml.base64");
+		samlResponse = new SamlResponse(settings, newHttpRequest(samlResponseEncoded));
+		assertEquals("2014-03-09T12:23:37Z", Util.formatDateTime(samlResponse.getResponseIssueInstant().getTimeInMillis()));
+
+		samlResponseEncoded = Util.getFileAsString("data/responses/valid_encrypted_assertion.xml.base64");
+		samlResponse = new SamlResponse(settings, newHttpRequest(samlResponseEncoded));
+		assertEquals("2014-03-29T12:01:57Z", Util.formatDateTime(samlResponse.getResponseIssueInstant().getTimeInMillis()));
+	}
+	
 	/**
 	 * Tests the decryptAssertion method of SamlResponse
 	 * Case: EncryptedAssertion with an encryptedData element with a KeyInfo

core/src/test/java/com/onelogin/saml2/test/logout/LogoutRequestTest.java

@@ -7,9 +7,11 @@
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 
 import java.util.ArrayList;
+import java.util.Calendar;
 import java.util.List;
 import java.io.IOException;
 import java.net.URISyntaxException;
@@ -24,6 +26,7 @@
 import org.junit.rules.ExpectedException;
 
 import com.onelogin.saml2.logout.LogoutRequest;
+import com.onelogin.saml2.logout.LogoutResponse;
 import com.onelogin.saml2.http.HttpRequest;
 import com.onelogin.saml2.exception.XMLEntityException;
 import com.onelogin.saml2.exception.Error;
@@ -309,6 +312,56 @@ public void testGetId() throws Exception {
 		assertNull(LogoutRequest.getId(""));
 	}
 
+	/**
+	 * Tests the getIssueInstant method of LogoutRequest
+	 *
+	 * @throws Exception
+	 *
+	 * @see com.onelogin.saml2.logout.LogoutRequest#getIssueInstant(String)
+	 */
+	@Test
+	public void testGetIssueInstant() throws Exception {
+		String samlRequest = Util.getFileAsString("data/logout_requests/logout_request.xml");
+		Calendar issueInstant = LogoutRequest.getIssueInstant(samlRequest);
+		String expectedIssueInstant = "2013-12-10T04:39:31Z";
+		assertEquals(expectedIssueInstant, Util.formatDateTime(issueInstant.getTimeInMillis()));
+
+		Document samlRequestDoc = Util.loadXML(samlRequest);
+		issueInstant = LogoutRequest.getIssueInstant(samlRequestDoc);
+		assertEquals(expectedIssueInstant, Util.formatDateTime(issueInstant.getTimeInMillis()));
+
+		assertNull(LogoutRequest.getIssueInstant(""));
+		
+		Saml2Settings settings = new SettingsBuilder().fromFile("config/config.min.properties").build();
+		String samlRequestEncoded = Util.getFileAsString("data/logout_requests/logout_request.xml.base64");
+		final String requestURL = "http://stuff.com/endpoints/endpoints/sls.php";
+		HttpRequest httpRequest = newHttpRequest(requestURL, samlRequestEncoded);
+
+		issueInstant = new LogoutRequest(settings, httpRequest).getIssueInstant();
+		assertEquals(expectedIssueInstant, Util.formatDateTime(issueInstant.getTimeInMillis()));
+	}
+
+	/**
+	 * Tests the getIssueInstant method of LogoutRequest
+	 * <p>
+	 * Case: LogoutRequest message built by the caller
+	 *
+	 * @throws Exception
+	 *
+	 * @see com.onelogin.saml2.logout.LogoutRequest#getIssueInstant(String)
+	 */
+	@Test
+	public void testGetIssueInstantBuiltMessage() throws Exception  {
+		Saml2Settings settings = new SettingsBuilder().fromFile("config/config.min.properties").build();
+		long start = System.currentTimeMillis();
+		LogoutRequest logoutRequest = new LogoutRequest(settings, null);
+		long end = System.currentTimeMillis();
+		Calendar issueInstant = logoutRequest.getIssueInstant();
+		assertNotNull(issueInstant);
+		long millis = issueInstant.getTimeInMillis();
+		assertTrue(millis >= start && millis <= end);
+	}
+
 	/**
 	 * Tests the getNameIdData method of LogoutRequest
 	 * Case: Not able to get the NameIdData due no private key to decrypt