34 package fr.paris.lutece.plugins.mylutece.modules.saml.authentication.checkers;
35
36 import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.engine.BootStrap;
37 import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.engine.SAMLResponseManager;
38 import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.exceptions.CertificateValidationException;
39 import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.exceptions.SAMLParsingException;
40 import fr.paris.lutece.portal.service.util.AppLogService;
41
42 import java.security.cert.CertificateExpiredException;
43 import java.security.cert.CertificateNotYetValidException;
44 import java.security.cert.X509Certificate;
45
46 import java.util.List;
47
48
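public class CertificateChecker implements SAMLChecker
{
    /**
     * Validates the certificate that signed the SAML response.
     * <p>
     * Two conditions are enforced, in this order:
     * <ol>
     *   <li>the certificate must be one of the certificates declared in the IdP
     *       metadata whitelist;</li>
     *   <li>the certificate must be inside its validity period right now.</li>
     * </ol>
     * Whitelist membership is decided by {@code List.contains}, i.e. by
     * {@link X509Certificate#equals}, which compares the full encoded
     * certificate rather than only its subject DN. A certificate with the same
     * subject but a different key is therefore rejected, which is the intended
     * behaviour for a pinned-certificate check.
     * <p>
     * NOTE(review): this checker does not verify the XML signature itself; it only
     * validates the certificate reported by
     * {@code responseManager.getSignatureCertificate()}. The cryptographic
     * signature check is presumably done elsewhere in the pipeline — confirm that
     * it runs before any assertion attribute is trusted.
     *
     * @param responseManager wrapper around the received SAML response
     * @throws CertificateValidationException if the response carries no signing
     *         certificate, if that certificate is not whitelisted, or if it is
     *         expired or not yet valid
     * @throws SAMLParsingException declared for the checker interface; presumably
     *         raised while extracting the signature certificate from the response
     */
    public void check( SAMLResponseManager responseManager )
        throws CertificateValidationException, SAMLParsingException
    {
        List<X509Certificate> certWhiteList = BootStrap.getInstance( ).getIdpMetaDataManager( )
            .getCertificateWhiteList( );
        X509Certificate responseCert = responseManager.getSignatureCertificate( );

        // An unsigned response, or one whose certificate could not be extracted,
        // must be rejected explicitly: without this guard the DN lookup below
        // would fail with a NullPointerException instead of a clear validation error.
        if ( responseCert == null )
        {
            String message = "Le certificat de signature est absent de la réponse SAML.";
            AppLogService.info( message );
            throw new CertificateValidationException( message );
        }

        // Fail closed: a missing or empty whitelist rejects every certificate.
        if ( certWhiteList == null || !certWhiteList.contains( responseCert ) )
        {
            // The logged DN comes from the presented (possibly forged) certificate:
            // treat it as untrusted in downstream log processing.
            // NOTE(review): a rejected signing certificate is a security-relevant
            // event; consider a log level above INFO so it is not filtered out.
            String message = "Le certificat de signature n'est pas reconnu. DN Certificat=[" +
                responseCert.getSubjectX500Principal( ).getName( ) + "]";
            AppLogService.info( message );
            throw new CertificateValidationException( message );
        }

        // checkValidity() compares notBefore/notAfter with the current system clock,
        // with no tolerance for clock skew between this host and the IdP.
        try
        {
            responseCert.checkValidity( );
        }
        catch ( CertificateExpiredException e )
        {
            String message = "Le certificat de signature est expiré. DN Certificat=[" +
                responseCert.getSubjectX500Principal( ).getName( ) + "]";
            AppLogService.info( message );
            throw new CertificateValidationException( message );
        }
        catch ( CertificateNotYetValidException e )
        {
            String message = "Le certificat de signature n'est pas encore valide. DN Certificat=[" +
                responseCert.getSubjectX500Principal( ).getName( ) + "]";
            AppLogService.info( message );
            throw new CertificateValidationException( message );
        }
    }
}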