View Javadoc

1   /*
2    * Copyright 2008 University Corporation for Advanced Internet Development, Inc.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.opensaml.saml2.metadata.provider;
18  
19  import org.joda.time.DateTime;
20  import org.joda.time.Interval;
21  import org.opensaml.saml2.metadata.EntitiesDescriptor;
22  import org.opensaml.saml2.metadata.EntityDescriptor;
23  import org.opensaml.xml.XMLObject;
24  import org.slf4j.Logger;
25  import org.slf4j.LoggerFactory;
26  
27  /**
28   * A metadata filter that requires the presence of a <code>validUntil</code> attribute on the root element of the
29   * metadata document. It can optionally also enforce that the validity period (now minus <code>validUntil</code> date)
30   * is not longer than a specified amount.
31   * 
32   * A maximum validity interval of less than 1 means the no restriction is placed on the metadata's
33   * <code>validUntil</code> attribute.
34   */
35  public class RequiredValidUntilFilter implements MetadataFilter {
36  
37      /** Class logger. */
38      private final Logger log = LoggerFactory.getLogger(RequiredValidUntilFilter.class);
39  
40      /** The maximum interval, in milliseconds, between now and the <code>validUntil</code> date. */
41      private long maxValidityInterval;
42  
43      /** Constructor. */
44      public RequiredValidUntilFilter() {
45          maxValidityInterval = 0;
46      }
47  
48      /**
49       * Constructor.
50       * 
51       * @param maxValidityInterval maximum internal, in seconds, between now and the <code>validUntil</code> date
52       */
53      public RequiredValidUntilFilter(long maxValidityInterval) {
54          this.maxValidityInterval = maxValidityInterval * 1000;
55      }
56  
57      /**
58       * Gets the maximum internal, in seconds, between now and the <code>validUntil</code> date. A value of less than 1
59       * indicates that there is no restriction.
60       * 
61       * @return maximum internal, in seconds, between now and the <code>validUntil</code> date
62       */
63      public long getMaxValidityInterval() {
64          return maxValidityInterval;
65      }
66  
67      /** {@inheritDoc} */
68      public void doFilter(XMLObject metadata) throws FilterException {
69          DateTime validUntil;
70  
71          if (metadata instanceof EntitiesDescriptor) {
72              validUntil = ((EntitiesDescriptor) metadata).getValidUntil();
73          } else if (metadata instanceof EntityDescriptor) {
74              validUntil = ((EntityDescriptor) metadata).getValidUntil();
75          } else {
76              log.error("Metadata root element was not an EntitiesDescriptor or EntityDescriptor it was a {}", metadata
77                      .getElementQName());
78              throw new FilterException("Metadata root element was not an EntitiesDescriptor or EntityDescriptor");
79          }
80  
81          if (validUntil == null) {
82              throw new FilterException("Metadata did not include a validUntil attribute");
83          }
84  
85          if (maxValidityInterval > 0) {
86              long validityInterval = new Interval(new DateTime(), validUntil).toDurationMillis();
87              if (validityInterval > maxValidityInterval) {
88                  throw new FilterException("Metadata's validity interval, " + validityInterval
89                          + "ms, is larger than is allowed, " + maxValidityInterval + "ms.");
90              }
91          }
92      }
93  }