View Javadoc
1   /*
2    * Copyright (c) 2002-2014, Mairie de Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.plugins.mylutece.modules.saml.authentication.engine;
35  
36  import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.checkers.CertificateChecker;
37  import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.checkers.RequiredAttributesChecker;
38  import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.checkers.SAMLResponseChecker;
39  import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.checkers.SignatureChecker;
40  import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.exceptions.SAMLCheckerException;
41  import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.exceptions.SAMLParsingException;
42  import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.exceptions.SAMLTokenExtractorException;
43  import fr.paris.lutece.portal.service.util.AppLogService;
44  
45  import org.opensaml.saml2.core.Response;
46  
47  import java.util.List;
48  import java.util.Map;
49  
50  import javax.servlet.http.HttpServletRequest;
51  
52  
53  public class SAMLTokenHandler
54  {
55      private SAMLResponseManager responseManager = null;
56  
57      public SAMLTokenHandler(  )
58      {
59          BootStrap.init(  );
60      }
61  
62      public void checkSAMLResponse( HttpServletRequest request )
63          throws SAMLTokenExtractorException, SAMLParsingException, SAMLCheckerException
64      {
65          AppLogService.info( "D�but traitement Requ�te " + request.getRequestURL(  ) + " re�ue de " +
66              request.getRemoteAddr(  ) );
67  
68          // Recuperation de la SAMLResponse
69          Response response = SAMLTokenExtractor.extractSAMLResponse( request );
70          responseManager = new SAMLResponseManager( response );
71  
72          // Validation signature
73          SignatureChecker signatureChecker = new SignatureChecker(  );
74          signatureChecker.check( responseManager );
75  
76          // Validation certificat vs IDP Metadonn�es
77          CertificateChecker certificateChecker = new CertificateChecker(  );
78          certificateChecker.check( responseManager );
79  
80          // Validation Attributs requis vs SP Metadonn�es
81          RequiredAttributesChecker attributesChecker = new RequiredAttributesChecker(  );
82          attributesChecker.check( responseManager );
83  
84          // Validation de l'assertion
85          SAMLResponseChecker assertionChecker = new SAMLResponseChecker(  );
86          assertionChecker.check( responseManager );
87      }
88  
89      /**
90       * Extraction du nom du LuteceUser a partir des Attributs de la
91       * SAMLResponse. Le nom de l'Attribut a utiliser est donn� par la
92       * configuration. Si l'Attribut n'est pas pr�sent dans l'Assertion, on
93       * utilise un login anonyme.
94       *
95       * @return Le nom du LuteceUser
96       * @throws SAMLParsingException
97       */
98      public String getLuteceUserName(  ) throws SAMLParsingException
99      {
100         return responseManager.getLuteceUserName(  );
101     }
102 
103     /**
104      * Extraction des userinfos du LuteceUser a partir des Attributs de la
105      * SAMLResponse.
106      *
107      * @return Le nom du LuteceUser
108      * @throws SAMLParsingException
109      */
110     public Map<String, String> getLuteceUserProperties(  )
111         throws SAMLParsingException
112     {
113         return responseManager.getFilteredAssertionAttributesValues( BootStrap.getInstance(  ).getSpMetaDataManager(  )
114                                                                               .getRequestedAttributes(  ) );
115     }
116 
117     /**
118      * Extraction du user groups du LuteceUser a partir des Attributs de la
119      * SAMLResponse.
120      *
121      * @return Les groups du LuteceUser
122      * @throws SAMLParsingException
123      */
124     public List<String> getLuteceUserGroups(  ) throws SAMLParsingException
125     {
126         return responseManager.getLuteceUserGroups(  );
127     }
128 }