From bae8e68f55b472c790c42ec0f0ba722570424ba5 Mon Sep 17 00:00:00 2001
From: Scott Battaglia
Date: Tue, 24 Jul 2012 23:01:35 -0400
Subject: [PATCH] CASC-185 add authentication time to assertion and also actually use the validity period for Assertion.
---
 .../org/jasig/cas/client/validation/Assertion.java | 8 ++++++++
 .../jasig/cas/client/validation/AssertionImpl.java | 12 ++++++++++--
 .../cas/client/validation/Saml11TicketValidator.java | 5 ++++-
 3 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/validation/Assertion.java b/cas-client-core/src/main/java/org/jasig/cas/client/validation/Assertion.java
index 75ac70d..1e835ee 100644
--- a/cas-client-core/src/main/java/org/jasig/cas/client/validation/Assertion.java
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/validation/Assertion.java
@@ -48,6 +48,14 @@ public interface Assertion extends Serializable {
 */
 Date getValidUntilDate();
 
+ /**
+ * The date the authentication actually occurred on. If its unable to be determined, it should be set to the current
+ * time.
+ *
+ * @return the authentication date, or the current time if it can't be determined.
+ */
+ Date getAuthenticationDate();
+
 /**
 * The key/value pairs associated with this assertion.
 *
diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/validation/AssertionImpl.java b/cas-client-core/src/main/java/org/jasig/cas/client/validation/AssertionImpl.java
index a845fe8..c15a6e3 100644
--- a/cas-client-core/src/main/java/org/jasig/cas/client/validation/AssertionImpl.java
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/validation/AssertionImpl.java
@@ -46,6 +46,8 @@ public final class AssertionImpl implements Assertion {
 /** The date the assertion is valid until. */
 private final Date validUntilDate;
 
+ private final Date authenticationDate;
+
 /** Map of key/value pairs associated with this assertion. I.e. authentication type. */
 private final Map attributes;
 
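Review bot: The contract documented on `getAuthenticationDate()` in the Assertion.java hunk makes an unknown authentication time indistinguishable from a fresh login, because it tells implementations to substitute the current time. A caller that uses this value to enforce a maximum authentication age or to force re-authentication would then accept a session whose real login time is unknown. I would state that limit in the Javadoc, e.g. `* Callers must not treat this value as proof of a recent login unless the validation protocol supplied it.` Adding a method to the public `Assertion` interface also obliges every external implementation to be updated, which is worth calling out in the release notes.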
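Review bot: The new `authenticationDate` field in the AssertionImpl.java hunk is the only field shown without a Javadoc comment; `/** The date the authentication occurred. */` would match its neighbours. Because `Assertion` extends `Serializable`, an instance serialized before this change (for example in a persisted or replicated session) would presumably be restored with this field null if the class pins its serialVersionUID, so the comment should say whether null can be observed. The class body continues outside the hunk, so the serialVersionUID declaration is not visible here.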
@@ -77,7 +79,7 @@ public final class AssertionImpl implements Assertion {
 * @param attributes the key/value pairs for this attribute.
 */
 public AssertionImpl(final AttributePrincipal principal, final Map attributes) {
- this(principal, new Date(), null, attributes);
+ this(principal, new Date(), null, new Date(), attributes);
 }
 
 /**
@@ -88,16 +90,22 @@ public final class AssertionImpl implements Assertion {
 * @param validUntilDate when the assertion is valid to.
 * @param attributes the key/value pairs for this attribute.
 */
- public AssertionImpl(final AttributePrincipal principal, final Date validFromDate, final Date validUntilDate, final Map attributes) {
+ public AssertionImpl(final AttributePrincipal principal, final Date validFromDate, final Date validUntilDate, final Date authenticationDate, final Map attributes) {
 this.principal = principal;
 this.validFromDate = validFromDate;
 this.validUntilDate = validUntilDate;
 this.attributes = attributes;
+ this.authenticationDate = authenticationDate;
 
 CommonUtils.assertNotNull(this.principal, "principal cannot be null.");
 CommonUtils.assertNotNull(this.validFromDate, "validFromDate cannot be null.");
 CommonUtils.assertNotNull(this.attributes, "attributes cannot be null.");
 }
+
+ public Date getAuthenticationDate() {
+ return this.authenticationDate;
+ }
+
 public Date getValidFromDate() {
 return this.validFromDate;
 }
diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/validation/Saml11TicketValidator.java b/cas-client-core/src/main/java/org/jasig/cas/client/validation/Saml11TicketValidator.java
index dcfa8cf..cbbc4fb 100644
--- a/cas-client-core/src/main/java/org/jasig/cas/client/validation/Saml11TicketValidator.java
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/validation/Saml11TicketValidator.java
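Review bot: In the second AssertionImpl hunk, `authenticationDate` is stored by the five-argument constructor without the null check that `principal`, `validFromDate` and `attributes` receive, although the `Assertion` Javadoc describes the value as always being a date. Adding `CommonUtils.assertNotNull(this.authenticationDate, "authenticationDate cannot be null.");` beside the existing assertions keeps a missing authentication time from surfacing later in code that compares it against a freshness limit. The constructor Javadoc also needs `@param authenticationDate when the authentication occurred.`. The new getter hands out the mutable `Date` itself, as the visible `getValidFromDate()` does, so a caller can alter it; `return new Date(this.authenticationDate.getTime());` would prevent that. This hunk also changes the parameter list of a public constructor, which breaks any caller compiled against the old four-argument form.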
@@ -156,7 +156,10 @@ public final class Saml11TicketValidator extends AbstractUrlBasedTicketValidator
 final Map authenticationAttributes = new HashMap();
 authenticationAttributes.put("samlAuthenticationStatement::authMethod", authenticationStatement.getAuthenticationMethod());
 
- return new AssertionImpl(principal, authenticationAttributes);
+ final DateTime notBefore = assertion.getConditions().getNotBefore();
+ final DateTime notOnOrAfter = assertion.getConditions().getNotOnOrAfter();
+ final DateTime authenticationInstant = authenticationStatement.getAuthenticationInstant();
+ return new AssertionImpl(principal, notBefore.toDate(), notOnOrAfter.toDate(), authenticationInstant.toDate(), authenticationAttributes);
 }
 } catch (final UnmarshallingException e) {
 throw new TicketValidationException(e);
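Review bot: The added lines dereference `assertion.getConditions()`, `getNotBefore()`, `getNotOnOrAfter()` and `getAuthenticationInstant()` without null checks, so a response that omits the Conditions element or either bound ends in a NullPointerException instead of a `TicketValidationException`. The visible `catch` handles only `UnmarshallingException`, so that unchecked exception would escape this block; the enclosing method starts and ends outside the hunk. Rejecting such an assertion explicitly fails closed and leaves a clear message for whoever reads the logs. This hunk also only copies the window into `AssertionImpl`; whether the current time is compared against it is decided, if at all, in code that is not shown here.

```java
// … unchanged: authenticationAttributes setup …
if (assertion.getConditions() == null) {
    throw new TicketValidationException("SAML assertion carries no Conditions element.");
}
// … unchanged: notBefore / notOnOrAfter / authenticationInstant locals …
if (notBefore == null || notOnOrAfter == null || authenticationInstant == null) {
    throw new TicketValidationException("SAML assertion is missing NotBefore, NotOnOrAfter or AuthenticationInstant.");
}
// … unchanged: return new AssertionImpl(...) …
```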