// Freshness check for an inbound SAML message: the message's issue instant must fall
// inside the window [now - (clockSkew + expires), now + clockSkew], offsets in seconds.
// This block only bounds the message's age. It keeps no record of messages already seen,
// so a message re-sent inside the window is not detected here.
// NOTE(review): the cast is unchecked in the visible code; presumably the type of
// messageContext is verified before this point. Confirm against the enclosing method.
SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext;
DateTime issueInstant = samlMsgCtx.getInboundSAMLMessageIssueInstant();

if (issueInstant == null) {
    // Fail-open path: when the rule is not required, a message that carries no issue
    // instant leaves this rule without any freshness check at all.
    if (!requiredRule) {
        return;
    }
    final String missingInstant = "Inbound SAML message issue instant not present in message context";
    log.warn(missingInstant);
    throw new SecurityPolicyException(missingInstant);
}

DateTime currentTime = new DateTime();
// Upper bound: tolerate a sender clock running up to clockSkew seconds ahead of ours.
DateTime futureLimit = currentTime.plusSeconds(clockSkew);
// Lower bound, expressed as the moment this message stops being acceptable.
// NOTE(review): the two values are summed before the call; confirm the configured
// values are bounded so the sum cannot wrap.
DateTime expiresAt = issueInstant.plusSeconds(clockSkew + expires);

// Reject messages stamped later than the skew allowance permits.
if (futureLimit.isBefore(issueInstant)) {
    log.warn("Message was not yet valid: message time was {}, latest valid is: {}", issueInstant, futureLimit);
    throw new SecurityPolicyException("Message was rejected because was issued in the future");
}

// Reject messages whose lifetime (plus skew) has already elapsed.
if (currentTime.isAfter(expiresAt)) {
    log.warn("Message was expired: message issue time was '" + issueInstant + "', message expired at: '"
            + expiresAt + "', current time: '" + currentTime + "'");
    throw new SecurityPolicyException("Message was rejected due to issue instant expiration");
}
}