Add Auth.getLastMessageIssueInstant and Auth.getLastRequestIssueInstant

Each message (AuthnRequest, SamlResponse, LogoutRequest and
LogoutResponse) have been enhanced to expose their issue instant. This
is useful for logging purposes (i.e.: you want to track each request
you generate and each response you receive, along with their issue
instant), which is also required when implementing a SPID Service
Provider (SPID is a SAML 2.0-based federated system used by the Italian
government).
I also tried to implement some tests for Auth, but I did not succeed for
the "received message" scenario, because, to be coherent with the "last
message id" case, the "last message issue instant" information is set
on the Auth instance only if the message processing succeeds (i.e.: the
processed message is valid). The test data used here seems to fail
validation because of time expiration (which is reasonable), so testing
these methods in the "receive" scenario would require to write test
messages with valid timestamps dynamically.

Author: mauromol

core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java

@@ -261,4 +261,13 @@ public String getId()
 	{
 		return id;
 	}
+	
+	/**
+	 * Returns the issue instant of this message.
+	 * 
+	 * @return a new {@link Calendar} instance carrying the issue instant of this message
+	 */
+	public Calendar getIssueInstant() {
+		return issueInstant == null? null: (Calendar) issueInstant.clone();
+	}
 }

core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java

@@ -4,6 +4,7 @@
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
+import java.util.Calendar;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -1239,4 +1240,30 @@ protected void validateSpNameQualifier(final String spNameQualifier) throws Vali
 			throw new ValidationError("The SPNameQualifier value mismatch the SP entityID value.", ValidationError.SP_NAME_QUALIFIER_NAME_MISMATCH);
 		}
 	}
+
+	/**
+	 * Returns the issue instant of this message.
+	 *
+	 * @return a new {@link Calendar} instance carrying the issue instant of this message
+	 * @throws ValidationError
+	 *             if the found IssueInstant attribute is not in the expected
+	 *             UTC form of ISO-8601 format
+	 */
+	public Calendar getResponseIssueInstant() throws ValidationError {
+		final Element rootElement = getSAMLResponseDocument()
+				.getDocumentElement();
+		final String issueInstantString = rootElement.hasAttribute(
+				"IssueInstant")? rootElement.getAttribute("IssueInstant"): null;
+		if(issueInstantString == null)
+			return null;
+		final Calendar result = Calendar.getInstance();
+		try {
+			result.setTimeInMillis(Util.parseDateTime(issueInstantString).getMillis());
+		} catch (final IllegalArgumentException e) {
+			throw new ValidationError(
+					"The Response IssueInstant attribute is not in the expected UTC form of ISO-8601 format",
+					ValidationError.INVALID_ISSUE_INSTANT_FORMAT);
+		}
+		return result;
+	}
 }

core/src/main/java/com/onelogin/saml2/exception/ValidationError.java

@@ -53,6 +53,7 @@ public class ValidationError extends SAMLException {
 	public static final int NOT_SUPPORTED = 46;
 	public static final int KEY_ALGORITHM_ERROR = 47;
 	public static final int MISSING_ENCRYPTED_ELEMENT = 48;
+	public static final int INVALID_ISSUE_INSTANT_FORMAT = 49;
 
 	private int errorCode;
 

core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java

@@ -144,7 +144,9 @@ public LogoutRequest(Saml2Settings settings, HttpRequest request, String nameId,
 			logoutRequestString = substitutor.replace(getLogoutRequestTemplate());
 		} else {
 			logoutRequestString = Util.base64decodedInflated(samlLogoutRequest);
-			id = getId(logoutRequestString);
+			Document doc = Util.loadXML(logoutRequestString);
+			id = getId(doc);
+			issueInstant = getIssueInstant(doc);
 		}
 	}
 
@@ -487,14 +489,14 @@ public Boolean isValid() throws Exception {
 		}
 	}
 
-    /**
-     * Returns the ID of the Logout Request Document.
-     *
+      /**
+       * Returns the ID of the Logout Request Document.
+       *
 	 * @param samlLogoutRequestDocument
 	 * 				A DOMDocument object loaded from the SAML Logout Request.
 	 *
-     * @return the ID of the Logout Request.
-     */
+       * @return the ID of the Logout Request.
+       */
 	public static String getId(Document samlLogoutRequestDocument) {
 		String id = null;
 		try {
@@ -505,19 +507,55 @@ public static String getId(Document samlLogoutRequestDocument) {
 		return id;
 	}
 
-    /**
-     * Returns the ID of the Logout Request String.
-     *
-	 * @param samlLogoutRequestString
-	 * 				A Logout Request string.
-	 *
-     * @return the ID of the Logout Request.
-     *
-     */
+      /**
+       * Returns the issue instant of the Logout Request Document.
+       *
+       * @param samlLogoutRequestDocument
+       * 				A DOMDocument object loaded from the SAML Logout Request.
+       *
+       * @return the issue instant of the Logout Request.
+       */
+	public static Calendar getIssueInstant(Document samlLogoutRequestDocument) {
+		Calendar issueInstant = null;
+		try {
+			Element rootElement = samlLogoutRequestDocument.getDocumentElement();
+			rootElement.normalize();
+			String issueInstantString = rootElement.hasAttribute(
+					"IssueInstant")? rootElement.getAttribute("IssueInstant"): null;
+			if(issueInstantString == null)
+				return null;
+			issueInstant = Calendar.getInstance();
+			issueInstant.setTimeInMillis(Util.parseDateTime(issueInstantString).getMillis());
+		} catch (Exception e) {}
+		return issueInstant;
+	}
+
+      /**
+       * Returns the ID of the Logout Request String.
+       *
+       * @param samlLogoutRequestString
+       * 				A Logout Request string.
+       *
+       * @return the ID of the Logout Request.
+       *
+       */
 	public static String getId(String samlLogoutRequestString) {
 		Document doc = Util.loadXML(samlLogoutRequestString);
 		return getId(doc);
 	}
+	
+      /**
+       * Returns the issue instant of the Logout Request Document.
+       *
+       * @param samlLogoutRequestDocument
+       * 				A DOMDocument object loaded from the SAML Logout Request.
+       *
+       * @return the issue instant of the Logout Request.
+       */
+	public static Calendar getIssueInstant(String samlLogoutRequestString) {
+		Document doc = Util.loadXML(samlLogoutRequestString);
+		return getIssueInstant(doc);
+	}
 
 	/**
      * Gets the NameID Data from the the Logout Request Document.
@@ -766,4 +804,13 @@ public String getId()
 	{
 		return id;
 	}
+
+	/**
+	 * Returns the issue instant of this message.
+	 * 
+	 * @return a new {@link Calendar} instance carrying the issue instant of this message
+	 */
+	public Calendar getIssueInstant() {
+		return issueInstant == null? null: (Calendar) issueInstant.clone();
+	}
 }

core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java

@@ -475,4 +475,33 @@ public String getError() {
 	public Exception getValidationException() {
 		return validationException;
 	}
+	
+	/**
+	 * Returns the issue instant of this message.
+	 *
+	 * @return a new {@link Calendar} instance carrying the issue instant of this message
+	 * @throws ValidationError
+	 *             if this logout response was received and parsed and the found IssueInstant 
+	 *             attribute is not in the expected UTC form of ISO-8601 format
+	 */
+	public Calendar getIssueInstant() throws ValidationError {
+		if(logoutResponseDocument != null) {
+			final Element rootElement = logoutResponseDocument
+					.getDocumentElement();
+			final String issueInstantString = rootElement.hasAttribute(
+					"IssueInstant")? rootElement.getAttribute("IssueInstant"): null;
+			if(issueInstantString == null)
+				return null;
+			final Calendar result = Calendar.getInstance();
+			try {
+				result.setTimeInMillis(Util.parseDateTime(issueInstantString).getMillis());
+			} catch (final IllegalArgumentException e) {
+				throw new ValidationError(
+						"The Response IssueInstant attribute is not in the expected UTC form of ISO-8601 format",
+						ValidationError.INVALID_ISSUE_INSTANT_FORMAT);
+			}
+			return result;
+		} else
+			return issueInstant == null? null: (Calendar) issueInstant.clone();
+	}
 }

core/src/test/java/com/onelogin/saml2/test/authn/AuthnRequestTest.java

@@ -4,11 +4,15 @@
 import static org.hamcrest.CoreMatchers.not;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertThat;
+import static org.junit.Assert.assertTrue;
 
 import java.util.ArrayList;
+import java.util.Calendar;
 import java.util.List;
 
+import org.junit.Assert;
 import org.junit.Test;
 
 import com.onelogin.saml2.authn.AuthnRequest;
@@ -327,6 +331,32 @@ public void testGetId() throws Exception
 		assertThat(authnRequestStr, containsString("ID=\"" + authnRequest.getId() + "\""));
 	}
 
+	/**
+	 * Tests the getId method of AuthnRequest
+	 *
+	 * @throws Exception
+	 * 
+	 * @see com.onelogin.saml2.authn.AuthnRequest.getId
+	 */
+	@Test
+	public void testGetIssueInstant() throws Exception
+	{
+		Saml2Settings settings = new SettingsBuilder().fromFile("config/config.min.properties").build();
+
+		final long start = System.currentTimeMillis();
+		AuthnRequest authnRequest = new AuthnRequest(settings);
+		final long end = System.currentTimeMillis();
+		final String authnRequestStr = Util.base64decodedInflated(authnRequest.getEncodedAuthnRequest());
+
+		final Calendar issueInstant = authnRequest.getIssueInstant();
+		assertNotNull(issueInstant);
+		final long millis = issueInstant.getTimeInMillis();
+		assertTrue(millis >= start && millis <= end);
+		
+		assertThat(authnRequestStr, containsString("<samlp:AuthnRequest"));
+		assertThat(authnRequestStr, containsString("IssueInstant=\"" + Util.formatDateTime(millis) + "\""));
+	}
+
 	/**
 	 * Tests the AuthnRequest Constructor
 	 * The creation of a deflated SAML Request with and without Destination

core/src/test/java/com/onelogin/saml2/test/authn/AuthnResponseTest.java

@@ -29,6 +29,7 @@
 
 import java.io.IOException;
 import java.util.ArrayList;
+import java.util.Calendar;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -478,6 +479,29 @@ public void testGetNameIdData() throws Exception {
 		assertTrue(samlResponse.getNameIdData().isEmpty());
 	}
 
+	/**
+	 * Tests the getIssueInstant method of SamlResponse
+	 *
+	 * @throws Exception
+	 *
+	 * @see com.onelogin.saml2.authn.SamlResponse#getResponseIssueInstant()
+	 */
+	@Test
+	public void testGetIssueInstant() throws Exception {
+		Saml2Settings settings = new SettingsBuilder().fromFile("config/config.my.properties").build();
+		String samlResponseEncoded = Util.getFileAsString("data/responses/response1.xml.base64");
+		SamlResponse samlResponse = new SamlResponse(settings, newHttpRequest(samlResponseEncoded));
+		assertEquals("2010-11-18T21:57:37Z", Util.formatDateTime(samlResponse.getResponseIssueInstant().getTimeInMillis()));
+
+		samlResponseEncoded = Util.getFileAsString("data/responses/response_encrypted_nameid.xml.base64");
+		samlResponse = new SamlResponse(settings, newHttpRequest(samlResponseEncoded));
+		assertEquals("2014-03-09T12:23:37Z", Util.formatDateTime(samlResponse.getResponseIssueInstant().getTimeInMillis()));
+
+		samlResponseEncoded = Util.getFileAsString("data/responses/valid_encrypted_assertion.xml.base64");
+		samlResponse = new SamlResponse(settings, newHttpRequest(samlResponseEncoded));
+		assertEquals("2014-03-29T12:01:57Z", Util.formatDateTime(samlResponse.getResponseIssueInstant().getTimeInMillis()));
+	}
+	
 	/**
 	 * Tests the decryptAssertion method of SamlResponse
 	 * Case: EncryptedAssertion with an encryptedData element with a KeyInfo

core/src/test/java/com/onelogin/saml2/test/logout/LogoutRequestTest.java

@@ -7,9 +7,11 @@
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 
 import java.util.ArrayList;
+import java.util.Calendar;
 import java.util.List;
 import java.io.IOException;
 import java.net.URISyntaxException;
@@ -24,6 +26,7 @@
 import org.junit.rules.ExpectedException;
 
 import com.onelogin.saml2.logout.LogoutRequest;
+import com.onelogin.saml2.logout.LogoutResponse;
 import com.onelogin.saml2.http.HttpRequest;
 import com.onelogin.saml2.exception.XMLEntityException;
 import com.onelogin.saml2.exception.Error;
@@ -309,6 +312,56 @@ public void testGetId() throws Exception {
 		assertNull(LogoutRequest.getId(""));
 	}
 
+	/**
+	 * Tests the getIssueInstant method of LogoutRequest
+	 *
+	 * @throws Exception
+	 *
+	 * @see com.onelogin.saml2.logout.LogoutRequest#getIssueInstant(String)
+	 */
+	@Test
+	public void testGetIssueInstant() throws Exception {
+		String samlRequest = Util.getFileAsString("data/logout_requests/logout_request.xml");
+		Calendar issueInstant = LogoutRequest.getIssueInstant(samlRequest);
+		String expectedIssueInstant = "2013-12-10T04:39:31Z";
+		assertEquals(expectedIssueInstant, Util.formatDateTime(issueInstant.getTimeInMillis()));
+
+		Document samlRequestDoc = Util.loadXML(samlRequest);
+		issueInstant = LogoutRequest.getIssueInstant(samlRequestDoc);
+		assertEquals(expectedIssueInstant, Util.formatDateTime(issueInstant.getTimeInMillis()));
+
+		assertNull(LogoutRequest.getIssueInstant(""));
+		
+		Saml2Settings settings = new SettingsBuilder().fromFile("config/config.min.properties").build();
+		String samlRequestEncoded = Util.getFileAsString("data/logout_requests/logout_request.xml.base64");
+		final String requestURL = "http://stuff.com/endpoints/endpoints/sls.php";
+		HttpRequest httpRequest = newHttpRequest(requestURL, samlRequestEncoded);
+
+		issueInstant = new LogoutRequest(settings, httpRequest).getIssueInstant();
+		assertEquals(expectedIssueInstant, Util.formatDateTime(issueInstant.getTimeInMillis()));
+	}
+
+	/**
+	 * Tests the getIssueInstant method of LogoutRequest
+	 * <p>
+	 * Case: LogoutRequest message built by the caller
+	 *
+	 * @throws Exception
+	 *
+	 * @see com.onelogin.saml2.logout.LogoutRequest#getIssueInstant(String)
+	 */
+	@Test
+	public void testGetIssueInstantBuiltMessage() throws Exception  {
+		Saml2Settings settings = new SettingsBuilder().fromFile("config/config.min.properties").build();
+		long start = System.currentTimeMillis();
+		LogoutRequest logoutRequest = new LogoutRequest(settings, null);
+		long end = System.currentTimeMillis();
+		Calendar issueInstant = logoutRequest.getIssueInstant();
+		assertNotNull(issueInstant);
+		long millis = issueInstant.getTimeInMillis();
+		assertTrue(millis >= start && millis <= end);
+	}
+
 	/**
 	 * Tests the getNameIdData method of LogoutRequest
 	 * Case: Not able to get the NameIdData due no private key to decrypt