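/**
 * Builds the {@link ConditionsBean} (validity window plus optional audience restriction)
 * for a token that is about to be issued.
 *
 * <p>The validity window is chosen as follows:
 * <ul>
 *   <li>If the configured {@code lifetime} is not positive, a fixed token period of
 *       5 minutes is used.</li>
 *   <li>If {@code acceptClientLifetime} is set and the request carries both a Created and an
 *       Expires value, those values are validated and then used as NotBefore / NotAfter.</li>
 *   <li>Otherwise the configured {@code lifetime} (seconds) is used, converted to whole
 *       minutes.</li>
 * </ul>
 *
 * <p>Security note: Created and Expires are supplied by the requester and are therefore
 * untrusted. They are accepted only when Created is no later than
 * "now + {@code futureTimeToLive} seconds", Expires is strictly after Created, and the
 * requested window does not exceed {@code getMaxLifetime()} seconds (the window is either
 * rejected or capped, depending on {@code isFailLifetimeExceedance()}). A Created value in
 * the past is accepted as-is; because the window is bounded relative to Created, backdating
 * can only shorten the remaining validity, never extend it.
 *
 * @param appliesToAddress audience URI to restrict the token to, or {@code null} for no
 *        audience restriction
 * @param tokenLifetime lifetime requested by the client; may be {@code null}
 * @return the populated conditions, never {@code null}
 * @throws STSException with {@code STSException.INVALID_TIME} if a client-supplied time parses
 *         to {@code null}, Created is too far in the future, Expires is not after Created, or
 *         the requested lifetime exceeds the maximum while {@code isFailLifetimeExceedance()}
 *         is {@code true}
 */
public ConditionsBean getConditions(String appliesToAddress, Lifetime tokenLifetime) {
    ConditionsBean conditions = new ConditionsBean();
    if (lifetime > 0) {
        if (acceptClientLifetime && tokenLifetime != null
            && tokenLifetime.getCreated() != null && tokenLifetime.getExpires() != null) {
            try {
                XmlSchemaDateFormat fmt = new XmlSchemaDateFormat();
                Date creationTime = fmt.parse(tokenLifetime.getCreated());
                Date expirationTime = fmt.parse(tokenLifetime.getExpires());
                if (creationTime == null || expirationTime == null) {
                    LOG.fine("Error in parsing Timestamp Created or Expiration Strings");
                    throw new STSException(
                        "Error in parsing Timestamp Created or Expiration Strings",
                        STSException.INVALID_TIME
                    );
                }

                // Reject a Created time later than "now + futureTimeToLive". Without this a
                // requester could post-date the token and obtain one that only becomes valid
                // (and therefore expires) arbitrarily far in the future.
                Date validCreation = new Date();
                long currentTime = validCreation.getTime();
                if (futureTimeToLive > 0) {
                    validCreation.setTime(currentTime + futureTimeToLive * 1000L);
                }
                if (creationTime.after(validCreation)) {
                    LOG.fine("The Created Time is too far in the future");
                    throw new STSException(
                        "The Created Time is too far in the future", STSException.INVALID_TIME
                    );
                }

                // Reject an empty or inverted window. A negative "requested lifetime" would
                // otherwise pass the maximum-lifetime check below and produce conditions whose
                // NotAfter is not later than NotBefore.
                if (!expirationTime.after(creationTime)) {
                    LOG.fine("The Expires Time is not after the Created Time");
                    throw new STSException(
                        "The Expires Time is not after the Created Time", STSException.INVALID_TIME
                    );
                }

                // Enforce the server-side ceiling on the client-requested window (milliseconds).
                long maxLifetimeMillis = getMaxLifetime() * 1000L;
                long requestedLifetime = expirationTime.getTime() - creationTime.getTime();
                if (requestedLifetime > maxLifetimeMillis) {
                    StringBuilder sb = new StringBuilder();
                    sb.append("Requested lifetime [").append(requestedLifetime / 1000L);
                    sb.append(" sec] exceed configured maximum lifetime [").append(getMaxLifetime());
                    sb.append(" sec]");
                    LOG.warning(sb.toString());
                    if (isFailLifetimeExceedance()) {
                        throw new STSException("Requested lifetime exceeds maximum lifetime",
                                               STSException.INVALID_TIME);
                    }
                    // Lenient mode: silently cap the expiry at Created + maximum lifetime.
                    expirationTime.setTime(creationTime.getTime() + maxLifetimeMillis);
                }

                conditions.setNotAfter(new DateTime(expirationTime.getTime()));
                conditions.setNotBefore(new DateTime(creationTime.getTime()));
            } catch (ParseException e) {
                // Deliberate best effort: an unparseable client lifetime is logged and the
                // configured default lifetime is issued instead of failing the request.
                LOG.warning("Failed to parse life time element: " + e.getMessage());
                conditions.setTokenPeriodMinutes((int)(lifetime / 60L));
            }
        } else {
            // No usable client lifetime: use the configured lifetime (seconds -> minutes).
            conditions.setTokenPeriodMinutes((int)(lifetime / 60L));
        }
    } else {
        // No positive lifetime configured: fall back to a fixed 5 minute token period.
        conditions.setTokenPeriodMinutes(5);
    }

    if (appliesToAddress != null) {
        // Bind the token to the requested audience (a single audience URI).
        AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
        audienceRestriction.setAudienceURIs(Collections.singletonList(appliesToAddress));
        conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
    }
    return conditions;
}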