1   /*
2    * Copyright (c) 2002-2014, Mairie de Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.plugins.mylutece.modules.saml.authentication.checkers;
35  
36  import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.engine.BootStrap;
37  import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.engine.SAMLResponseManager;
38  import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.exceptions.SAMLCheckerException;
39  import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.exceptions.SAMLParsingException;
40  import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.exceptions.SAMLReponseCheckerException;
41  import fr.paris.lutece.portal.service.util.AppLogService;
42  
43  import org.opensaml.saml2.core.StatusCode;
44  
45  
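/**
 * Response-level checks run on a SAML 2.0 {@code Response} before its assertions are examined.
 * <p>
 * The checks performed here, in order, are:
 * <ol>
 *   <li>{@code Response/@Destination} must be present and equal to the SP's
 *       {@code EntityDescriptor/SPSSODescriptor/AssertionConsumerService/@Location} from the SP metadata;</li>
 *   <li>{@code Response/Status/StatusCode/@Value} must be
 *       {@code urn:oasis:names:tc:SAML:2.0:status:Success};</li>
 *   <li>the assertion-level checks are then delegated to {@link SAMLAssertionChecker}.</li>
 * </ol>
 * Any failure is reported as a {@link SAMLReponseCheckerException} (a checker exception), never as a
 * {@link NullPointerException}: a malformed or attacker-supplied Response must be rejected cleanly.
 * <p>
 * NOTE(review): nothing in this class verifies the XML signature of the Response, nor its {@code Issuer}
 * or {@code InResponseTo}; presumably SAMLResponseManager / SAMLAssertionChecker cover that — confirm, since
 * a Destination/Status check on an unsigned Response gives no assurance by itself.
 */
public class SAMLResponseChecker implements SAMLChecker
{
    /**
     * Runs the response-level checks, then the assertion-level checks.
     *
     * @param responseManager holder of the parsed SAML Response to validate
     * @throws SAMLCheckerException if any response- or assertion-level check fails
     * @throws SAMLParsingException if the response cannot be read
     */
    public void check( SAMLResponseManager responseManager )
        throws SAMLCheckerException, SAMLParsingException
    {
        // Response/@Destination vs SP metadata AssertionConsumerService/@Location
        checkDestination( responseManager );

        // Response/Status/StatusCode/@Value vs "urn:oasis:names:tc:SAML:2.0:status:Success".
        // Done before the assertion checks so a non-Success response is never mined for assertions.
        checkStatusCode( responseManager );

        // Assertion-level checks (see SAMLAssertionChecker for what they cover)
        SAMLAssertionChecker assertionChecker = new SAMLAssertionChecker(  );
        assertionChecker.check( responseManager );
    }

    /**
     * Verifies Response/@Destination against EntityDescriptor/SPSSODescriptor/AssertionConsumerService/@Location.
     * <p>
     * The attribute is optional in the SAML schema, so it may be {@code null} on a Response the IdP (or an
     * attacker) did not address to us. Such a Response is rejected: it cannot be shown to have been aimed at
     * this SP, and the HTTP bindings require a signed Response to carry it. The comparison is an exact,
     * case-sensitive string match, so a differently-cased, differently-schemed or trailing-slash variant of the
     * ACS URL is refused as well; a {@code null} metadata location (misconfiguration) also fails the check.
     *
     * @param responseManager holder of the parsed SAML Response
     * @throws SAMLReponseCheckerException if the Destination is absent or does not match the SP metadata
     */
    private void checkDestination( SAMLResponseManager responseManager )
        throws SAMLReponseCheckerException
    {
        String destination = responseManager.getResponse(  ).getDestination(  );

        String location = BootStrap.getInstance(  ).getSpMetaDataManager(  ).getAssertionConsumerService(  )
                                   .getLocation(  );

        // Previously an absent Destination was dereferenced unconditionally and surfaced as an uncaught
        // NullPointerException; report it as a checker failure instead.
        if ( destination == null )
        {
            String message = "La Destination de la Response est absente ; Location attendue [" + location + "]";
            AppLogService.info( message );
            throw new SAMLReponseCheckerException( message );
        }

        if ( !destination.equals( location ) )
        {
            String message = "La Destination de la Response [" + destination +
                "] n'est pas valide vis-�-vis des m�tadonn�es [" + location + "]";
            AppLogService.info( message );
            throw new SAMLReponseCheckerException( message );
        }
    }

    /**
     * Verifies Response/Status/StatusCode/@Value against "urn:oasis:names:tc:SAML:2.0:status:Success".
     * <p>
     * {@code Status} and {@code StatusCode} are mandatory in a well-formed Response, but the parsed object
     * model may still hand back {@code null} for a truncated or hostile document; a missing element or value
     * is treated exactly like a non-Success code rather than being allowed to throw a NullPointerException.
     *
     * @param responseManager holder of the parsed SAML Response
     * @throws SAMLParsingException if the response cannot be read
     * @throws SAMLReponseCheckerException if the status code is absent or is not the Success URI
     */
    private void checkStatusCode( SAMLResponseManager responseManager )
        throws SAMLParsingException, SAMLReponseCheckerException
    {
        String statusCode = null;

        // Walk Status -> StatusCode -> @Value, stopping at the first missing element (statusCode stays null).
        if ( responseManager.getResponse(  ).getStatus(  ) != null )
        {
            if ( responseManager.getResponse(  ).getStatus(  ).getStatusCode(  ) != null )
            {
                statusCode = responseManager.getResponse(  ).getStatus(  ).getStatusCode(  ).getValue(  );
            }
        }

        // Constant on the left: null-safe, so an absent value is reported below instead of blowing up here.
        if ( !StatusCode.SUCCESS_URI.equals( statusCode ) )
        {
            String message = "Le StatusCode de la Response [" + statusCode + "] n'est pas [" + StatusCode.SUCCESS_URI +
                "]";
            AppLogService.info( message );
            throw new SAMLReponseCheckerException( message );
        }
    }
}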