1   /*
2    * Copyright (c) 2002-2014, Mairie de Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.plugins.mylutece.modules.saml.authentication.checkers;
35  
36  import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.engine.BootStrap;
37  import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.engine.SAMLResponseManager;
38  import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.exceptions.InvalidAttributeException;
39  import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.exceptions.SAMLParsingException;
40  import fr.paris.lutece.portal.service.util.AppLogService;
41  
42  import org.opensaml.saml2.core.Attribute;
43  import org.opensaml.saml2.metadata.RequestedAttribute;
44  
45  import java.util.Iterator;
46  import java.util.List;
47  
48  
/**
 * SAML checker that rejects a response when an attribute flagged as required
 * in the service provider metadata is missing from the assertion.
 *
 * <p>Scope of the check, as implemented here:</p>
 * <ul>
 *   <li>Only attribute <em>names</em> are compared; attribute values are never
 *       read, so an attribute that is present but carries no value still
 *       satisfies the requirement.</li>
 *   <li>Names are compared case-insensitively, so names differing only in case
 *       are treated as the same attribute.</li>
 *   <li>Nothing here verifies signatures, issuer or validity window.
 *       NOTE(review): presumably other {@code SAMLChecker} implementations cover
 *       those and run alongside this one; confirm against the checker chain.</li>
 * </ul>
 */
public class RequiredAttributesChecker implements SAMLChecker
{
    /**
     * Verifies that every required attribute is present in the assertion.
     *
     * <p>The first missing required attribute is logged at info level and
     * reported through the exception; later attributes are not examined. The
     * name placed in the message is the one read from the requested-attribute
     * list (service provider metadata), not a name taken from the assertion.</p>
     *
     * @param responseManager gives access to the attributes of the received assertion
     * @throws InvalidAttributeException if a required attribute is absent from the assertion
     * @throws SAMLParsingException declared by the checker contract; not thrown directly in this method
     */
    public void check( SAMLResponseManager responseManager )
        throws InvalidAttributeException, SAMLParsingException
    {
        // Read the assertion side first, then the requested attributes from the SP metadata.
        List<Attribute> assertionAttributes = responseManager.getAssertionAttributes(  );
        List<RequestedAttribute> requestedAttributes = BootStrap.getInstance(  ).getSpMetaDataManager(  )
                                                                .getRequestedAttributes(  );

        // Check the required attributes
        for ( RequestedAttribute requestedAttribute : requestedAttributes )
        {
            // Optional attributes never cause a rejection.
            if ( !requestedAttribute.isRequired(  ) )
            {
                continue;
            }

            if ( isNamePresent( assertionAttributes, requestedAttribute ) )
            {
                continue;
            }

            // Fail closed: report the missing attribute and stop at the first one.
            String message = "L'attribut obligatoire [" + requestedAttribute.getName(  ) +
                "] est absent de l'assertion.";
            AppLogService.info( message );
            throw new InvalidAttributeException( message );
        }
    }

    /**
     * Tells whether the assertion holds an attribute with the requested name.
     *
     * @param assertionAttributes attributes found in the assertion
     * @param requestedAttribute the requested attribute whose name is looked up
     * @return {@code true} as soon as one assertion attribute name matches, ignoring case
     */
    private static boolean isNamePresent( List<Attribute> assertionAttributes,
        RequestedAttribute requestedAttribute )
    {
        for ( Attribute candidate : assertionAttributes )
        {
            // Presence of the name is enough; the attribute values are not inspected.
            if ( candidate.getName(  ).equalsIgnoreCase( requestedAttribute.getName(  ) ) )
            {
                return true;
            }
        }

        return false;
    }
}
95  }