From a628c7cb6389ea8fd6a98750463b3cc6919d96cf Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Tue, 26 Jan 2010 10:07:17 +0000
Subject: [PATCH] SAML2_Assertion: Support AuthnInstant.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2135 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SAML2/Assertion.php | 35 ++++++++++++++++++++++++++++++++++-
 1 file changed, 34 insertions(+), 1 deletion(-)

diff --git a/lib/SAML2/Assertion.php b/lib/SAML2/Assertion.php
index eece94e94..f5b670cc0 100644
--- a/lib/SAML2/Assertion.php
+++ b/lib/SAML2/Assertion.php
@@ -116,6 +116,14 @@ class SAML2_Assertion implements SAML2_SignedElement {
 	private $sessionIndex;
 
 
+	/**
+	 * The timestamp the user was authenticated, as an UNIX timestamp.
+	 *
+	 * @var int
+	 */
+	private $authnInstant;
+
+
 	/**
 	 * The authentication context for this assertion.
 	 *
@@ -180,6 +188,7 @@ class SAML2_Assertion implements SAML2_SignedElement {
 		$this->id = SimpleSAML_Utilities::generateID();
 		$this->issueInstant = time();
 		$this->issuer = '';
+		$this->authnInstant = time();
 		$this->attributes = array();
 		$this->nameFormat = SAML2_Const::NAMEFORMAT_UNSPECIFIED;
 		$this->certificates = array();
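Review bot: Defaulting `authnInstant` to `time()` in what appears to be the constructor means an assertion issued for a user who logged in earlier (an existing SSO session) is serialised with a fresh AuthnInstant unless the caller remembers to call `setAuthnInstant()`. Service providers that enforce a maximum authentication age rely on this value, so a silently fresh default can make an old login look new. Consider a comment on the assignment such as `/* Default only; callers reusing an existing session must call setAuthnInstant() with the original login time. */`. Assigning `$this->authnInstant = $this->issueInstant;` instead of a second `time()` call would also keep the two defaults from differing by a second. The enclosing method starts and ends outside the hunk.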
@@ -378,6 +387,7 @@ class SAML2_Assertion implements SAML2_SignedElement {
 		if (!$as->hasAttribute('AuthnInstant')) {
 			throw new Exception('Missing required AuthnInstant attribute on <saml:AuthnStatement>.');
 		}
+		$this->authnInstant = SimpleSAML_Utilities::parseSAML2Time($as->getAttribute('AuthnInstant'));
 
 		if ($as->hasAttribute('SessionNotOnOrAfter')) {
 			$this->sessionNotOnOrAfter = SimpleSAML_Utilities::parseSAML2Time($as->getAttribute('SessionNotOnOrAfter'));
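Review bot: The parsed AuthnInstant is stored without any plausibility check, so a timestamp in the future, or one later than the assertion's IssueInstant, is accepted as-is. Whether `parseSAML2Time()` rejects malformed input is not visible in this hunk. If callers use `getAuthnInstant()` for authentication-age decisions, consider rejecting values beyond an allowed clock skew, e.g. `if ($this->authnInstant > time() + $allowedSkew) { throw new Exception('AuthnInstant is in the future.'); }`, where `$allowedSkew` is a placeholder for a project-defined tolerance. The getter's docblock should also state that the value is only trustworthy once the assertion's signature has been validated. The enclosing method starts and ends outside the hunk.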
@@ -761,6 +771,29 @@ class SAML2_Assertion implements SAML2_SignedElement {
 	}
 
 
+	/**
+	 * Retrieve the AuthnInstant of the assertion.
+	 *
+	 * @return int  The timestamp the user was authenticated.
+	 */
+	public function getAuthnInstant() {
+
+		return $this->authnInstant;
+	}
+
+
+	/**
+	 * Set the AuthnInstant of the assertion.
+	 *
+	 * @param int $authnInstant  The timestamp the user was authenticated.
+	 */
+	public function setAuthnInstant($authnInstant) {
+		assert('is_int($authnInstant)');
+
+		$this->authnInstant = $authnInstant;
+	}
+
+
 	/**
 	 * Retrieve the session expiration timestamp.
 	 *
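Review bot: `setAuthnInstant()` checks its argument only with `assert('is_int($authnInstant)')`, which is skipped when assertions are disabled. In that case a string or NULL would be stored and later passed to `gmdate()` when the AuthnStatement is written, producing a wrong or malformed AuthnInstant in a signed assertion. If the other setters in this class follow the same assert-only convention (not visible here) this may be intentional. Otherwise an explicit check such as `if (!is_int($authnInstant)) { throw new Exception('AuthnInstant must be an integer UNIX timestamp.'); }` keeps a bad value out of issued assertions.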
@@ -1069,7 +1102,7 @@ class SAML2_Assertion implements SAML2_SignedElement {
 		$as = $document->createElementNS(SAML2_Const::NS_SAML, 'saml:AuthnStatement');
 		$root->appendChild($as);
 
-		$as->setAttribute('AuthnInstant', gmdate('Y-m-d\TH:i:s\Z', $this->issueInstant));
+		$as->setAttribute('AuthnInstant', gmdate('Y-m-d\TH:i:s\Z', $this->authnInstant));
 
 		if ($this->sessionNotOnOrAfter !== NULL) {
 			$as->setAttribute('SessionNotOnOrAfter', gmdate('Y-m-d\TH:i:s\Z', $this->sessionNotOnOrAfter));
-- 
GitLab