View Javadoc
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.wss4j.common.util;
21  
22  import java.time.Instant;
23  import java.time.format.DateTimeFormatter;
24  
25  public final class DateUtil {
26  
27      private static final org.slf4j.Logger LOG =
28              org.slf4j.LoggerFactory.getLogger(DateUtil.class);
29  
30      private static final DateTimeFormatter MILLISECOND_FORMATTER = DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'");
31  
32      private static final DateTimeFormatter SECOND_FORMATTER = DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss'Z'");
33  
34      private DateUtil() {
35          // complete
36      }
37  
38      /**
39       * Return true if the "Created" value is before the current time minus the timeToLive
40       * argument, and if the Created value is not "in the future".
41       *
42       * @param timeToLive the value in seconds for the validity of the Created time
43       * @param futureTimeToLive the value in seconds for the future validity of the Created time
44       * @return true if the Date is before (now-timeToLive), false otherwise
45       */
46      public static boolean verifyCreated(
47          Instant created,
48          int timeToLive,
49          int futureTimeToLive
50      ) {
51          if (created == null) {
52              return true;
53          }
54  
55          Instant validCreation = Instant.now();
56          if (futureTimeToLive > 0) {
57              validCreation = validCreation.plusSeconds(futureTimeToLive);
58          }
59          // Check to see if the created time is in the future
60          if (created.isAfter(validCreation)) {
61              LOG.warn("Validation of Created: The message was created in the future!");
62              return false;
63          }
64  
65          // Calculate the time that is allowed for the message to travel
66          validCreation = Instant.now().minusSeconds(timeToLive);
67  
68          // Validate the time it took the message to travel
69          if (created.isBefore(validCreation)) {
70              LOG.warn("Validation of Created: The message was created too long ago");
71              return false;
72          }
73  
74          LOG.debug("Validation of Created: Everything is ok");
75          return true;
76      }
77  
78      public static DateTimeFormatter getDateTimeFormatter(boolean milliseconds) {
79          if (milliseconds) {
80              return MILLISECOND_FORMATTER;
81          }
82          return SECOND_FORMATTER;
83      }
84  }