From 0483c22d984dab41ed7226dc7be3fd36bd64f5d3 Mon Sep 17 00:00:00 2001
From: Jack Dent <jack@jackdent.co.uk>
Date: Tue, 13 Aug 2013 16:28:20 +0100
Subject: [PATCH 1/2] Initial commit for maxSkew

---
 .../uk/ac/cam/ucs/webauth/RavenFilter.java    | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/src/main/java/uk/ac/cam/ucs/webauth/RavenFilter.java b/src/main/java/uk/ac/cam/ucs/webauth/RavenFilter.java
index ca1dbc2..5d72899 100644
--- a/src/main/java/uk/ac/cam/ucs/webauth/RavenFilter.java
+++ b/src/main/java/uk/ac/cam/ucs/webauth/RavenFilter.java
@@ -208,6 +208,11 @@ public class RavenFilter implements Filter {
 	 */
 	public static String INIT_PARAM_AUTHENTICATE_URL = "authenticateUrl";
 
+	/**
+	 * Override of default max skew - in case there is lag in the clocks
+	 */
+	public static String INIT_PARAM_MAX_SKEW = "maxSkew";
+
 	/**
 	 * The filter init-param param-name path to the certificate. Optional.
 	 * Defaults to /WEB-INF/raven/pubkey2.crt
@@ -239,6 +244,13 @@ public class RavenFilter implements Filter {
 	 */
 	private String sRavenAuthenticatePage = "https://raven.cam.ac.uk/auth/authenticate.html";
 
+	/**
+	* Override for max skew. Optional.
+	* 
+	* Defaults to null.
+	*/
+	private Integer maxSkew = null;
+
 	/** KeyStore used by WebauthValidator class */
 	protected KeyStore keyStore = null;
 
@@ -259,6 +271,12 @@ public void init(FilterConfig config) throws ServletException {
 		if (authenticatePage != null)
 			sRavenAuthenticatePage = authenticatePage;
 
+		// checks if the init-param is set, and if so overrides max skew. 
+		String maxSkew = config
+		    .getInitParameter(INIT_PARAM_MAX_SKEW);
+		if (maxSkew != null)
+		  this.maxSkew = Integer.parseInt(maxSkew);
+
 		// get the path to the raven certificate or use a default
 		String sCertContextPath = config
 				.getInitParameter(INIT_PARAM_CERTIFICATE_PATH);
@@ -343,6 +361,9 @@ protected KeyStore getKeyStore() {
 	protected WebauthValidator getWebauthValidator() {
 		if (webauthValidator == null) {
 			webauthValidator = new WebauthValidator(getKeyStore());
+			if (this.maxSkew != null) {
+				webauthValidator.setMaxSkew(this.maxSkew);
+			}
 		}
 		return webauthValidator;
 	}

From 2d9645cd21eb9ea0720cf640abb2361608aca08d Mon Sep 17 00:00:00 2001
From: Jack Dent <jack@jackdent.co.uk>
Date: Tue, 13 Aug 2013 17:09:29 +0100
Subject: [PATCH 2/2] Updated docs to include more info

---
 src/main/java/uk/ac/cam/ucs/webauth/RavenFilter.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/main/java/uk/ac/cam/ucs/webauth/RavenFilter.java b/src/main/java/uk/ac/cam/ucs/webauth/RavenFilter.java
index 5d72899..4a3b5e8 100644
--- a/src/main/java/uk/ac/cam/ucs/webauth/RavenFilter.java
+++ b/src/main/java/uk/ac/cam/ucs/webauth/RavenFilter.java
@@ -209,7 +209,9 @@ public class RavenFilter implements Filter {
 	public static String INIT_PARAM_AUTHENTICATE_URL = "authenticateUrl";
 
 	/**
-	 * Override of default max skew - in case there is lag in the clocks
+	 * Override of default max skew - in case there is lag in the clocks.
+	 * Measured in milliseconds.
+	 * Defaults to 0ms.
 	 */
 	public static String INIT_PARAM_MAX_SKEW = "maxSkew";