34 package fr.paris.lutece.plugins.mylutece.modules.saml.authentication.checkers;
35
36 import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.engine.BootStrap;
37 import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.engine.SAMLResponseManager;
38 import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.exceptions.SAMLParsingException;
39 import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.exceptions.SignatureValidationException;
40 import fr.paris.lutece.portal.service.util.AppLogService;
41
42 import org.opensaml.common.xml.SAMLConstants;
43
44 import org.opensaml.saml2.metadata.IDPSSODescriptor;
45
46 import org.opensaml.security.MetadataCriteria;
47 import org.opensaml.security.SAMLSignatureProfileValidator;
48
49 import org.opensaml.xml.security.CriteriaSet;
50 import org.opensaml.xml.security.SecurityException;
51 import org.opensaml.xml.security.criteria.EntityIDCriteria;
52 import org.opensaml.xml.validation.ValidationException;
53
54
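/**
 * {@link SAMLChecker} that verifies the XML signature of the SAML assertion: first its
 * conformance to the SAML signature profile, then its trust against the IdP signing
 * credentials that the application trust engine resolves from metadata.
 */
public class SignatureChecker implements SAMLChecker
{
    /** Base message, written to the log and carried by the raised exception, for a signature that does not verify. */
    private static final String MESSAGE_SIGNATURE_INVALID = "Erreur lors de la validation de la signature";

    /**
     * Verifies the signature of the assertion held by {@code responseManager}.
     * <p>
     * An unsigned assertion is rejected up front. The signature is then validated against the
     * SAML signature profile ({@link SAMLSignatureProfileValidator}) and finally verified by the
     * trust engine of {@link BootStrap} against the IdP SSO descriptor whose entity ID is the
     * assertion issuer. Every failure is logged and raised as a {@link SignatureValidationException}.
     *
     * @param responseManager holder of the parsed SAML response and its assertion
     * @throws SignatureValidationException if the signature is missing, malformed, or not trusted
     * @throws SAMLParsingException propagated from the {@code responseManager} accessors
     */
    public void check( SAMLResponseManager responseManager )
        throws SignatureValidationException, SAMLParsingException
    {
        // Reject an unsigned assertion explicitly rather than relying on the validators
        // to fail on a null signature.
        if ( responseManager.getAssertion( ).getSignature( ) == null )
        {
            fail( MESSAGE_SIGNATURE_INVALID + " : l'assertion ne porte aucune signature" );
        }

        validateProfile( responseManager );
        validateTrust( responseManager );
    }

    /** Checks the assertion signature against the SAML signature profile (structure and reference rules). */
    private static void validateProfile( SAMLResponseManager responseManager )
        throws SignatureValidationException, SAMLParsingException
    {
        SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator( );

        try
        {
            profileValidator.validate( responseManager.getAssertion( ).getSignature( ) );
        }
        catch ( ValidationException e )
        {
            fail( "Erreur lors de la validation du sch�ma de la signature : " + e.getLocalizedMessage( ) );
        }
    }

    /** Verifies the assertion signature with the trust engine, against the IdP metadata matching the issuer. */
    private static void validateTrust( SAMLResponseManager responseManager )
        throws SignatureValidationException, SAMLParsingException
    {
        // The issuer entity ID selects the IdP SSO descriptor (and so its signing keys) in the metadata;
        // without it the signature cannot be matched to any trusted key, so stop here with a clear message.
        if ( responseManager.getAssertion( ).getIssuer( ) == null )
        {
            fail( MESSAGE_SIGNATURE_INVALID + " : l'assertion ne porte aucun emetteur (Issuer)" );
        }

        String issuerId = responseManager.getAssertion( ).getIssuer( ).getValue( );

        if ( ( issuerId == null ) || ( issuerId.trim( ).length( ) == 0 ) )
        {
            fail( MESSAGE_SIGNATURE_INVALID + " : emetteur (Issuer) vide" );
        }

        CriteriaSet criteriaSet = new CriteriaSet( );
        criteriaSet.add( new EntityIDCriteria( issuerId ) );
        criteriaSet.add( new MetadataCriteria( IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS ) );

        boolean trusted = false;

        try
        {
            trusted = BootStrap.getInstance( ).getTrustEngine( )
                .validate( responseManager.getAssertion( ).getSignature( ), criteriaSet );
        }
        catch ( Exception e )
        {
            // A SecurityException from the engine and any unexpected runtime failure are reported
            // the same way: the signature could not be established as trusted.
            fail( MESSAGE_SIGNATURE_INVALID + " : " + e.getLocalizedMessage( ) );
        }

        // Evaluated outside the try block so that the SignatureValidationException raised here is
        // not caught and re-wrapped by the catch above (which used to double the message).
        if ( !trusted )
        {
            fail( MESSAGE_SIGNATURE_INVALID );
        }
    }

    /**
     * Logs {@code message} and raises it as a {@link SignatureValidationException}.
     *
     * @param message the failure description, also used as the exception message
     * @throws SignatureValidationException always
     */
    private static void fail( String message ) throws SignatureValidationException
    {
        AppLogService.info( message );
        throw new SignatureValidationException( message );
    }
}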