34 package fr.paris.lutece.plugins.mylutece.modules.saml.authentication.checkers;
35
36 import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.engine.BootStrap;
37 import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.engine.SAMLResponseManager;
38 import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.exceptions.SAMLCheckerException;
39 import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.exceptions.SAMLParsingException;
40 import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.exceptions.SAMLReponseCheckerException;
41 import fr.paris.lutece.portal.service.util.AppLogService;
42
43 import org.opensaml.saml2.core.StatusCode;
44
45
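/**
 * Validates the envelope of a SAML Response before its assertions are examined.
 *
 * <p>Two response-level checks run, in order: the {@code Destination} attribute must equal the
 * AssertionConsumerService location declared in this service provider's metadata, and the
 * top-level status code must be {@link StatusCode#SUCCESS_URI}. Assertion-level checks are then
 * delegated to {@link SAMLAssertionChecker}.</p>
 *
 * <p>NOTE(review): nothing in this class verifies a signature, so the values read here must be
 * treated as untrusted input. Confirm where signature validation happens relative to these
 * checks.</p>
 */
public class SAMLResponseChecker implements SAMLChecker
{
    /**
     * Runs the response-level checks, then the assertion checks.
     *
     * @param responseManager holder of the SAML Response to validate
     * @throws SAMLCheckerException if the Destination or the status code is rejected, or if the
     *         assertion checker rejects the response
     * @throws SAMLParsingException declared by the status-code check and propagated as is
     */
    public void check( SAMLResponseManager responseManager )
        throws SAMLCheckerException, SAMLParsingException
    {
        // Reject a response addressed to another endpoint or reporting a failure
        // before any assertion content is looked at.
        checkDestination( responseManager );
        checkStatusCode( responseManager );

        SAMLAssertionChecker assChecker = new SAMLAssertionChecker( );
        assChecker.check( responseManager );
    }

    /**
     * Checks that the Response was addressed to this service provider's assertion consumer
     * endpoint.
     *
     * <p>The comparison is an exact, case-sensitive string match. A Response that carries no
     * {@code Destination} is rejected with a {@link SAMLReponseCheckerException} rather than
     * failing with a {@link NullPointerException}, so callers see a normal validation failure.</p>
     *
     * @param responseManager holder of the SAML Response to validate
     * @throws SAMLReponseCheckerException if the Destination is absent or does not match the
     *         location found in the service provider metadata
     */
    private void checkDestination( SAMLResponseManager responseManager )
        throws SAMLReponseCheckerException
    {
        String destination = responseManager.getResponse( ).getDestination( );

        String location = BootStrap.getInstance( ).getSpMetaDataManager( ).getAssertionConsumerService( )
                                   .getLocation( );

        // Destination is taken from the incoming message and may be missing; a missing value
        // can never match, and a null location makes equals() return false, so both reject.
        if ( ( destination == null ) || !destination.equals( location ) )
        {
            // The accented characters are written as Unicode escapes so that the message does
            // not depend on the encoding the source file is compiled with.
            String message = "La Destination de la Response [" + printable( destination ) +
                "] n'est pas valide vis-\u00e0-vis des m\u00e9tadonn\u00e9es [" + location + "]";
            AppLogService.info( message );
            throw new SAMLReponseCheckerException( message );
        }
    }

    /**
     * Checks that the top-level status code of the Response is
     * {@link StatusCode#SUCCESS_URI}.
     *
     * @param responseManager holder of the SAML Response to validate
     * @throws SAMLParsingException declared for the access to the Response
     * @throws SAMLReponseCheckerException if the status code value is absent or is not the
     *         success URI
     */
    private void checkStatusCode( SAMLResponseManager responseManager )
        throws SAMLParsingException, SAMLReponseCheckerException
    {
        // NOTE(review): assumes the Status and StatusCode elements are present (for example
        // because the Response was schema-validated earlier); confirm, since a missing element
        // would still surface here as a NullPointerException.
        String statusCode = responseManager.getResponse( ).getStatus( ).getStatusCode( ).getValue( );

        // Constant on the left: a StatusCode without a Value attribute is rejected as a
        // validation failure instead of raising a NullPointerException.
        if ( !StatusCode.SUCCESS_URI.equals( statusCode ) )
        {
            String message = "Le StatusCode de la Response [" + printable( statusCode ) + "] n'est pas [" +
                StatusCode.SUCCESS_URI + "]";
            AppLogService.info( message );
            throw new SAMLReponseCheckerException( message );
        }
    }

    /**
     * Makes a value taken from the incoming Response safe to embed in a single log line.
     *
     * <p>Carriage returns and line feeds are replaced so that a crafted attribute value cannot
     * forge additional log entries.</p>
     *
     * @param value the value read from the message, possibly {@code null}
     * @return {@code "null"} for a {@code null} value, otherwise the value with line breaks
     *         replaced by underscores
     */
    private static String printable( String value )
    {
        return ( value == null ) ? "null" : value.replaceAll( "[\\r\\n]", "_" );
    }
}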