From 98300831d0774ff814262c4712c58271c9d56ae2 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Thu, 12 Jun 2008 13:28:45 +0000
Subject: [PATCH] WS-Fed: Check date conditions.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@649 44740490-163a-0410-bde0-09ae8108e29a
---
 www/wsfed/sp/prp.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/www/wsfed/sp/prp.php b/www/wsfed/sp/prp.php
index 6bafe03b7..76e4584e3 100644
--- a/www/wsfed/sp/prp.php
+++ b/www/wsfed/sp/prp.php
@@ -95,6 +95,15 @@ try {
 			$idpEntityId . '\'.');
 	}
 
+	/* Check time constraints of contitions (if present). */
+	foreach($xpath->query('./saml:Conditions', $assertion) as $condition) {
+		$notBefore = $condition->getAttribute('NotBefore');
+		$notOnOrAfter = $condition->getAttribute('NotOnOrAfter');
+		if(!SimpleSAML_Utilities::checkDateConditions($notBefore, $notOnOrAfter)) {
+			throw new Exception('The response has expired.');
+		}
+	}
+
 
 	/* Extract the name identifier from the response. */
 	$nameid = $xpath->query('./saml:AuthenticationStatement/saml:Subject/saml:NameIdentifier', $assertion);
-- 
GitLab