From bf95e8329693111c837766cabe8bc1658042c4fc Mon Sep 17 00:00:00 2001
From: Chris Andrews
Date: Dec 20 2010 13:51:24 +0000
Subject: Provide a valid() method to indicate if Assertion's Conditions are met.
---
diff --git a/lib/Net/SAML2/Protocol/Assertion.pm b/lib/Net/SAML2/Protocol/Assertion.pm
index 047ca8b..42927ce 100644
--- a/lib/Net/SAML2/Protocol/Assertion.pm
+++ b/lib/Net/SAML2/Protocol/Assertion.pm
@@ -3,6 +3,7 @@ use Moose;
 use MooseX::Types::Moose qw/ Str HashRef ArrayRef /;
 use MooseX::Types::DateTime qw/ DateTime /;
 use MooseX::Types::Common::String qw/ NonEmptySimpleStr /;
+use DateTime;
 use DateTime::Format::XSD;
 with 'Net::SAML2::Role::Templater',
@@ -82,4 +83,29 @@ sub name {
 return $self->attributes->{CN}->[0];
 }
+=head2 valid( $audience )
+
+Returns true if this Assertion is currently valid for the given audience.
+
+Checks the audience matches, and that the current time is within the
+Assertions validity period as specified in its Conditions element.
+
+=cut
+
+sub valid {
+ my ($self, $audience) = @_;
+
+ return 0 unless defined $audience;
+ return 0 unless ($audience eq $self->audience);
+
+ my $now = DateTime::->now;
+
+ # not_before is "NotBefore" element - exact match is ok
+ # not_after is "NotOnOrAfter" element - exact match is *not* ok
+ return 0 unless DateTime::->compare($now, $self->not_before) > -1;
+ return 0 unless DateTime::->compare($self->not_after, $now) > 0;
+
+ return 1;
+}
+
 1;
diff --git a/t/03-assertions.t b/t/03-assertions.t
index 978698e..9c7cb18 100644
--- a/t/03-assertions.t
+++ b/t/03-assertions.t
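Review bot: In `valid()` in lib/Net/SAML2/Protocol/Assertion.pm, only the caller's `$audience` is checked for definedness; the stored `$self->audience` is not, so if that attribute can be unset or empty (its declaration is outside the hunk) an empty-string argument compares equal and the audience restriction is effectively skipped. I would guard both sides, e.g. `my $expected = $self->audience;` followed by `return 0 unless defined $expected && length $expected && $audience eq $expected;`. The POD should also state that valid() covers only the audience and the Conditions time window, and that signature verification and any issuer or replay checks are not part of it, so callers do not treat a true result as full acceptance of the assertion.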
@@ -80,5 +80,15 @@ is($assertion->attributes->{Phone2}->[2], '345678');
 isa_ok($assertion->not_before, 'DateTime');
 isa_ok($assertion->not_after, 'DateTime');
 is($assertion->audience, 'http://ct.local');
+is($assertion->valid('foo'), 0);
+is($assertion->valid('http://ct.local'), 0);
+
+# fudge validity times to test valid()
+$assertion->{not_before} = DateTime->now;
+$assertion->{not_after} = DateTime->now->add( minutes => 15);
+is($assertion->valid('http://ct.local'), 1);
+
+$assertion->{not_before} = DateTime->now->add( minutes => 5 );
+is($assertion->valid('http://ct.local'), 0);
 done_testing;
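Review bot: The added tests in t/03-assertions.t never drive the `not_after` (NotOnOrAfter) bound on its own: the first `valid('http://ct.local')` returning 0 depends on whatever timestamps the fixture carries, and the later cases only move `not_before`. An explicit expired case would pin that branch, for example `$assertion->{not_before} = DateTime->now->subtract( minutes => 10 );`, `$assertion->{not_after} = DateTime->now->subtract( minutes => 5 );`, then `is($assertion->valid('http://ct.local'), 0);`. A `is($assertion->valid(undef), 0);` case would likewise cover the first guard in valid(), which no added test reaches.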