/// <summary>
/// Serializes these conditions as a <c>saml:Conditions</c> element on the given writer.
/// </summary>
/// <param name="writer">Destination XML writer; must not be null.</param>
/// <param name="samlSerializer">Serializer handed to every child condition; must not be null.</param>
/// <param name="keyInfoSerializer">Passed through unchanged to every child condition; it is not null-checked here.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="writer"/> or <paramref name="samlSerializer"/> is null.
/// </exception>
public virtual void WriteXml(XmlDictionaryWriter writer, SamlSerializer samlSerializer, SecurityTokenSerializer keyInfoSerializer)
{
    if (writer == null)
    {
        throw new ArgumentNullException("writer");
    }

    if (samlSerializer == null)
    {
        throw new ArgumentNullException("samlSerializer");
    }

    writer.WriteStartElement("saml", "Conditions", SamlConstants.Namespace);

    // Both validity bounds are optional: an attribute is emitted only when its flag is set.
    // With neither flag set the element carries no time window at all, so a consumer
    // cannot rely on this element alone to bound the assertion's lifetime.
    if (has_not_before)
    {
        // Invariant culture keeps the timestamp text independent of the host locale.
        string notBeforeText = NotBefore.ToString(SamlConstants.DateFormat, CultureInfo.InvariantCulture);
        writer.WriteAttributeString("NotBefore", notBeforeText);
    }

    if (has_not_on_after)
    {
        string notOnOrAfterText = NotOnOrAfter.ToString(SamlConstants.DateFormat, CultureInfo.InvariantCulture);
        writer.WriteAttributeString("NotOnOrAfter", notOnOrAfterText);
    }

    // Child conditions are written in collection order, each with the same serializers.
    foreach (SamlCondition child in Conditions)
    {
        child.WriteXml(writer, samlSerializer, keyInfoSerializer);
    }

    writer.WriteEndElement();
}
/// <summary>
/// Builds the Conditions element (validity window plus a single audience restriction)
/// and appends it to the given assertion element.
/// </summary>
/// <param name="assertion">Assertion element that receives the new Conditions child.</param>
private void CreateConditions(XElement assertion)
{
    var conditionsElement = XmlUtil.CreateElement(SamlTags.Conditions);

    // Both bounds of the validity window are always written; there is no "unset" case here.
    conditionsElement.Add(
        new XAttribute(SamlAttributes.NotBefore, NotBefore.FormatDateTimeXml()),
        new XAttribute(SamlAttributes.NotOnOrAfter, NotOnOrAfter.FormatDateTimeXml()));

    var restrictionElement = XmlUtil.CreateElement(SamlTags.AudienceRestriction);
    var audienceElement = XmlUtil.CreateElement(SamlTags.Audience);

    // The audience text is taken verbatim from AudienceRestriction with no validation.
    // NOTE(review): confirm callers always set it; an empty value would yield an empty Audience element.
    audienceElement.Value = AudienceRestriction;

    restrictionElement.Add(audienceElement);
    conditionsElement.Add(restrictionElement);

    assertion.Add(conditionsElement);
}
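/// <summary>
/// Checks that the time reported by <c>DateTimeEx.UtcNowRound</c> lies inside the token's
/// validity window, widened on both sides by the allowed clock drift.
/// </summary>
/// <param name="allowedDriftInSeconds">
/// Tolerated clock difference in seconds; must not be negative. The value widens the window
/// at both ends and no upper bound is enforced here, so a large value weakens the check.
/// </param>
/// <exception cref="ArgumentException"><paramref name="allowedDriftInSeconds"/> is negative.</exception>
/// <exception cref="ModelException">The token is not valid yet, or is no longer valid.</exception>
public void ValidateTimestamp(long allowedDriftInSeconds)
{
    if (allowedDriftInSeconds < 0)
    {
        throw new ArgumentException("'allowedDriftInSeconds' must not be negative!");
    }

    var now = DateTimeEx.UtcNowRound;

    // Lower bound: even with the clock moved forward by the drift, validity has not started.
    if (now.AddSeconds(allowedDriftInSeconds) < NotBefore)
    {
        throw new ModelException("OIOSAML token is not valid yet - now: " + now.FormatDateTimeXml() + ". OIOSAML token validity start: " + NotBefore.FormatDateTimeXml() + ". Allowed clock drift: " + allowedDriftInSeconds + " seconds");
    }

    // Upper bound: NotOnOrAfter is exclusive (the token is invalid ON or after that instant),
    // so the comparison is >= rather than >. The original strict comparison accepted a token
    // at exactly its expiry instant.
    if (now.AddSeconds(-allowedDriftInSeconds) >= NotOnOrAfter)
    {
        throw new ModelException("OIOSAML token no longer valid - now: " + now.FormatDateTimeXml() + ". OIOSAML token validity end: " + NotOnOrAfter.FormatDateTimeXml() + ". Allowed clock drift: " + allowedDriftInSeconds + " seconds");
    }
}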
/// <summary>
/// Reports whether the current UTC time is later than <c>NotOnOrAfter</c> extended by the
/// allowed clock skew.
/// </summary>
/// <returns>
/// <c>true</c> when the current UTC time is strictly greater than the skew-adjusted bound;
/// otherwise <c>false</c>.
/// </returns>
public bool IsExpired()
{
    DateTime currentUtc = DateTime.UtcNow;

    // The skew moves the cut-off later, so a token stays accepted for up to
    // _allowedClockSkewMinutes past its stated NotOnOrAfter.
    // NOTE(review): this presumes NotOnOrAfter holds a UTC value; confirm where it is parsed.
    var cutoff = NotOnOrAfter.AddMinutes(_allowedClockSkewMinutes);

    // Strict comparison: a time exactly equal to the cut-off is reported as not expired.
    return currentUtc > cutoff;
}