From 2afaec46a8d5d663590ca1fd166f88cc63f4556e Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Sun, 19 Sep 2010 21:44:56 +0200
Subject: [PATCH] Propagate expiry time from assertion
---
 util_attr.cpp | 21 +++++++++++++++++++++
 util_attr.h | 4 ++++
 util_saml.cpp | 17 +++++++++++++++++
 util_saml.h | 2 ++
 4 files changed, 44 insertions(+)
diff --git a/util_attr.cpp b/util_attr.cpp
index 098dcb6..c6388d7 100644
--- a/util_attr.cpp
+++ b/util_attr.cpp
@@ -372,6 +372,25 @@ gss_eap_attr_ctx::initFromBuffer(const gss_buffer_t buffer)
 return ret;
 }
 
+time_t
+gss_eap_attr_ctx::getExpiryTime(void) const
+{
+ unsigned int i;
+ time_t expiryTime = 0;
+
+ for (i = ATTR_TYPE_MIN; i < ATTR_TYPE_MAX; i++) {
+ time_t providerExpiryTime = m_providers[i]->getExpiryTime();
+
+ if (providerExpiryTime == 0)
+ continue;
+
+ if (expiryTime == 0 || providerExpiryTime < expiryTime)
+ expiryTime = providerExpiryTime;
+ }
+
+ return expiryTime;
+}
+
 /*
 * C wrappers
 */
@@ -734,5 +753,7 @@ gssEapCreateAttrContext(gss_cred_id_t gssCred,
 return NULL;
 }
 
+ gssCtx->expiryTime = ctx->getExpiryTime();
+
 return ctx;
 }
diff --git a/util_attr.h b/util_attr.h
index 206e424..90b0953 100644
--- a/util_attr.h
+++ b/util_attr.h
@@ -104,6 +104,8 @@ public:
 return initWithManager(manager);
 }
 
+ virtual time_t getExpiryTime(void) const { return 0; }
+
 static bool init() { return true; }
 static void finalize() {}
 
@@ -191,6 +193,8 @@ public:
 static void unregisterProvider(unsigned int type);
+ time_t getExpiryTime(void) const;
+
 private:
 gss_eap_attr_provider *getPrimaryProvider(void) const;
diff --git a/util_saml.cpp b/util_saml.cpp
index cdac5c8..5879709 100644
--- a/util_saml.cpp
+++ b/util_saml.cpp
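Review bot: In util_attr.cpp, gss_eap_attr_ctx::getExpiryTime() dereferences `m_providers[i]` for every attribute type without a NULL check, and nothing in this hunk shows that every slot is populated, so an empty slot would crash the process while the context lifetime is being computed. Guard it with `gss_eap_attr_provider *provider = m_providers[i];` followed by `if (provider == NULL) continue;`. The bound `i < ATTR_TYPE_MAX` also skips the last provider type if ATTR_TYPE_MAX is an inclusive maximum (the enum is not visible here); a skipped provider has its expiry silently ignored, so please confirm the bound or use `<=`.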
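Review bot: In the second util_attr.cpp hunk, `gssCtx->expiryTime = ctx->getExpiryTime();` unconditionally overwrites whatever lifetime the context already carried. The aggregate returns 0 when no provider reports an expiry, and an assertion may outlive the existing value, so this assignment can loosen the lifetime as well as tighten it. Assuming 0 also means "no expiry" for gssCtx->expiryTime (not visible here), only ever shorten it: `time_t t = ctx->getExpiryTime();` then `if (t != 0 && (gssCtx->expiryTime == 0 || t < gssCtx->expiryTime)) gssCtx->expiryTime = t;`. gssEapCreateAttrContext starts outside the hunk, so the earlier initialisation of expiryTime should be checked against this.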
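Review bot: The new virtual `getExpiryTime()` in the first util_attr.h hunk (presumably on gss_eap_attr_provider) has no comment stating its contract, although the aggregate loop in util_attr.cpp depends on 0 being a sentinel. I would add `/* Absolute expiry as time_t, or 0 if this provider imposes no expiry */` above the declaration. Without it, a provider author could reasonably return 0 to mean "already expired", which the caller would treat as unbounded.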
@@ -170,6 +170,23 @@ gss_eap_saml_assertion_provider::deleteAttribute(const gss_buffer_t value)
 m_authenticated = false;
 }
 
+time_t
+gss_eap_saml_assertion_provider::getExpiryTime(void) const
+{
+ saml2::Conditions *conditions;
+ time_t expiryTime = 0;
+
+ if (m_assertion == NULL)
+ return 0;
+
+ conditions = m_assertion->getConditions();
+
+ if (conditions != NULL && conditions->getNotOnOrAfter() != NULL)
+ expiryTime = conditions->getNotOnOrAfter()->getEpoch();
+
+ return expiryTime;
+}
+
 bool
 gss_eap_saml_assertion_provider::getAttribute(const gss_buffer_t attr,
 int *authenticated,
diff --git a/util_saml.h b/util_saml.h
index b35cf49..73e64e5 100644
--- a/util_saml.h
+++ b/util_saml.h
@@ -79,6 +79,8 @@ public:
 return m_authenticated;
 }
 
+ time_t getExpiryTime(void) const;
+
 static bool init();
 static void finalize();
 
-- 
2.1.4
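Review bot: gss_eap_saml_assertion_provider::getExpiryTime() in util_saml.cpp returns 0 when the assertion has no Conditions element or no NotOnOrAfter, and the aggregate in util_attr.cpp treats 0 as "no expiry", so an assertion that omits the bound places no assertion-derived limit on the context. That fail-open default should be stated where `expiryTime` is left at 0, e.g. `/* no NotOnOrAfter: assertion imposes no expiry; lifetime must be bounded by the caller */`, and the caller should ideally apply a policy cap. Only Conditions/NotOnOrAfter is read; an AuthnStatement SessionNotOnOrAfter, if present, is not considered. The value is not compared with the current time here, so whether an already-expired assertion is rejected is decided outside this hunk.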