TimePolicyProvider.java

/*
 * JBoss, Home of Professional Open Source
 *
 * Copyright 2015 Red Hat, Inc. and/or its affiliates.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.keycloak.authorization.policy.provider.time;

import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;

import org.keycloak.authorization.attribute.Attributes;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.policy.evaluation.Evaluation;
import org.keycloak.authorization.policy.evaluation.EvaluationContext;
import org.keycloak.authorization.policy.provider.PolicyProvider;

/**
 * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
 */
public class TimePolicyProvider implements PolicyProvider {

    static String DEFAULT_DATE_PATTERN = "yyyy-MM-dd HH:mm:ss";

    static String CONTEXT_TIME_ENTRY = "kc.time.date_time";

    @Override
    public void evaluate(Evaluation evaluation) {
        Policy policy = evaluation.getPolicy();
        SimpleDateFormat dateFormat = new SimpleDateFormat(DEFAULT_DATE_PATTERN);
        try {
            String contextTime = null;
            EvaluationContext context = evaluation.getContext();
            if (context.getAttributes() != null && context.getAttributes().exists(CONTEXT_TIME_ENTRY)) {
                Attributes.Entry contextTimeEntry = context.getAttributes().getValue(CONTEXT_TIME_ENTRY);
                if (!contextTimeEntry.isEmpty()) {
                    contextTime = contextTimeEntry.asString(0);
                }
            }
            Date actualDate = contextTime == null ? new Date() : dateFormat.parse(contextTime);

            String notBefore = policy.getConfig().get("nbf");
            if (notBefore != null && !"".equals(notBefore)) {
                if (actualDate.before(dateFormat.parse(format(notBefore)))) {
                    evaluation.deny();
                    return;
                }
            }

            String notOnOrAfter = policy.getConfig().get("noa");
            if (notOnOrAfter != null && !"".equals(notOnOrAfter)) {
                if (actualDate.after(dateFormat.parse(format(notOnOrAfter)))) {
                    evaluation.deny();
                    return;
                }
            }

            if (isInvalid(actualDate, Calendar.DAY_OF_MONTH, "dayMonth", policy)
                    || isInvalid(actualDate, Calendar.MONTH, "month", policy)
                    || isInvalid(actualDate, Calendar.YEAR, "year", policy)
                    || isInvalid(actualDate, Calendar.HOUR_OF_DAY, "hour", policy)
                    || isInvalid(actualDate, Calendar.MINUTE, "minute", policy)) {
                evaluation.deny();
                return;
            }

            evaluation.grant();
        } catch (Exception e) {
            throw new RuntimeException("Could not evaluate time-based policy [" + policy.getName() + "].", e);
        }
    }

    private boolean isInvalid(Date actualDate, int timeConstant, String configName, Policy policy) {
        Calendar calendar = Calendar.getInstance();

        calendar.setTime(actualDate);

        int dateField = calendar.get(timeConstant);

        if (Calendar.MONTH == timeConstant) {
            dateField++;
        }

        String start = policy.getConfig().get(configName);
        if (start != null) {
            String end = policy.getConfig().get(configName + "End");
            if (end != null) {
                if (dateField < Integer.parseInt(start)  || dateField > Integer.parseInt(end)) {
                    return true;
                }
            } else {
                if (dateField != Integer.parseInt(start)) {
                    return true;
                }
            }
        }
        return false;
    }

    static String format(String notBefore) {
        String trimmed = notBefore.trim();

        if (trimmed.length() == 10) {
            notBefore = trimmed + " 00:00:00";
        }

        return notBefore;
    }

    @Override
    public void close() {

    }
}