34 package fr.paris.lutece.plugins.mylutece.modules.saml.authentication.metadata;
35
36 import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.config.ConfigProperties;
37 import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.config.Constants;
38 import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.exceptions.CertificateValidationException;
39 import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.exceptions.SAMLParsingException;
40 import fr.paris.lutece.plugins.mylutece.modules.saml.authentication.util.X509CertificateHelper;
41 import fr.paris.lutece.portal.service.util.AppLogService;
42
43 import org.opensaml.common.xml.SAMLConstants;
44
45 import org.opensaml.saml2.metadata.IDPSSODescriptor;
46 import org.opensaml.saml2.metadata.KeyDescriptor;
47
48 import org.opensaml.xml.signature.KeyInfo;
49 import org.opensaml.xml.signature.X509Data;
50
51 import java.io.IOException;
52 import java.io.InputStream;
53
54 import java.security.cert.CertificateException;
55 import java.security.cert.X509Certificate;
56
57 import java.util.ArrayList;
58 import java.util.List;
59
60
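/**
 * Metadata manager for the Identity Provider (IdP) side of the SAML exchange.
 * <p>
 * Loads the IdP metadata document from the classpath, checks that it carries exactly one
 * X.509 certificate inside its single {@code IDPSSODescriptor}, and exposes that
 * certificate as the whitelist used to validate material coming from the IdP.
 * <p>
 * NOTE(review): the certificate embedded in this metadata file is the trust anchor for
 * everything the IdP sends. Nothing in this class verifies a signature over the metadata
 * document itself, so the integrity of the metadata resource on the classpath is the
 * actual security boundary — keep it out of any writable or user-controlled location.
 */
public class IDPMetadataManager extends MetadataManager
{
    /**
     * Creates the manager. The metadata document is not read here; callers must invoke
     * {@link #loadMetadata(String)} afterwards.
     */
    public IDPMetadataManager( )
    {
        loadIDPCertificateChain( );
    }

    /**
     * Intentionally a no-op: the certificate is extracted on demand from the parsed
     * metadata by {@link #getCertificateWhiteList()}. Kept so the constructor's call
     * site stays unchanged.
     */
    private void loadIDPCertificateChain( )
    {
        // Nothing to preload; see getCertificateWhiteList( ).
    }

    /**
     * Loads the IdP metadata document from the classpath.
     *
     * @param inFilePath classpath resource path of the metadata file; when {@code null} the
     *                   path is read from the {@code Constants.IDP_METADATA_FILE_PROP} property
     * @throws IllegalStateException if no path is configured or the resource cannot be found.
     *                               Failing loudly here is preferable to handing a
     *                               {@code null} stream to the parser and discovering the
     *                               missing trust anchor only when the first assertion arrives.
     */
    @Override
    public void loadMetadata( String inFilePath )
    {
        String resourcePath = inFilePath;

        if ( resourcePath == null )
        {
            resourcePath = ConfigProperties.getInstance( ).getProperty( Constants.IDP_METADATA_FILE_PROP );
        }

        if ( resourcePath == null )
        {
            String message = "No IDP metadata path configured (" + Constants.IDP_METADATA_FILE_PROP + ")";
            AppLogService.error( message );
            throw new IllegalStateException( message );
        }

        // getResourceAsStream( ) returns null instead of throwing when the resource is absent.
        InputStream stream = this.getClass( ).getResourceAsStream( resourcePath );

        if ( stream == null )
        {
            String message = "IDP metadata resource not found on classpath: " + resourcePath;
            AppLogService.error( message );
            throw new IllegalStateException( message );
        }

        // Ownership of the stream passes to the base class here; it is not closed in this
        // method — TODO confirm MetadataManager.loadMetadata( InputStream ) closes it.
        loadMetadata( stream );
    }

    /**
     * Checks the structural invariants the rest of this class relies on: an
     * {@code IDPSSODescriptor} for the SAML 2.0 protocol holding exactly one
     * {@code KeyDescriptor}, which holds exactly one {@code X509Data} with exactly one
     * {@code X509Certificate}.
     * <p>
     * NOTE(review): the {@code use} attribute of the KeyDescriptor is not inspected, so a
     * key published for encryption only would be accepted as the trusted certificate —
     * confirm whether deployed IdP metadata marks its key as {@code signing}.
     *
     * @throws SAMLParsingException if any invariant is violated, or if the KeyDescriptor has
     *                              no {@code KeyInfo} (which would otherwise surface later as a
     *                              NullPointerException)
     */
    @Override
    protected void validateContent( ) throws SAMLParsingException
    {
        IDPSSODescriptor idpSSODescriptor = metaData.getIDPSSODescriptor( SAMLConstants.SAML20P_NS );

        if ( idpSSODescriptor == null )
        {
            String message = "Les metadonn�es devraient contenir un IDPSSODescriptor";
            AppLogService.error( message );
            throw new SAMLParsingException( message );
        }

        List<KeyDescriptor> keyDescriptors = idpSSODescriptor.getKeyDescriptors( );

        if ( keyDescriptors.size( ) != 1 )
        {
            String message = "L'IDPSSODescriptor devrait contenir un et un seul KeyDescriptor. Il en contient " +
                keyDescriptors.size( );
            AppLogService.error( message );
            throw new SAMLParsingException( message );
        }

        // A KeyDescriptor without KeyInfo carries no key at all; reject it explicitly rather
        // than dereferencing null below.
        KeyInfo keyInfo = keyDescriptors.get( 0 ).getKeyInfo( );

        if ( keyInfo == null )
        {
            String message = "Le KeyDescriptor devrait contenir un KeyInfo";
            AppLogService.error( message );
            throw new SAMLParsingException( message );
        }

        List<X509Data> x509Datas = keyInfo.getX509Datas( );

        if ( x509Datas.size( ) != 1 )
        {
            String message = "Le KeyInfo devrait contenir un et un seul X509Data. Il en contient " + x509Datas.size( );
            AppLogService.error( message );
            throw new SAMLParsingException( message );
        }

        List<org.opensaml.xml.signature.X509Certificate> x509Certificates = x509Datas.get( 0 ).getX509Certificates( );

        if ( x509Certificates.size( ) != 1 )
        {
            String message = "Le X509Data devrait contenir un et un seul X509Certificate";
            AppLogService.error( message );
            throw new SAMLParsingException( message );
        }
    }

    /**
     * Builds the list of certificates trusted for the IdP.
     * <p>
     * Given the invariants enforced by {@link #validateContent()}, the list contains exactly
     * the one certificate embedded in the IdP metadata. Call this only after the metadata has
     * been loaded and validated.
     *
     * @return a new list holding the IdP's metadata certificate
     * @throws CertificateValidationException if the metadata is not loaded, does not carry a
     *                                        certificate, or the certificate cannot be decoded
     */
    public List<X509Certificate> getCertificateWhiteList( )
        throws CertificateValidationException
    {
        List<X509Certificate> liste = new ArrayList<X509Certificate>( );

        IDPSSODescriptor idpSSODescriptor = ( metaData == null ) ? null
                                                                  : metaData.getIDPSSODescriptor( SAMLConstants.SAML20P_NS );
        String b64MetadataCert = extractCertificateValue( idpSSODescriptor );

        if ( b64MetadataCert == null )
        {
            // Reached when loadMetadata( )/validateContent( ) never ran or the document lacks a
            // certificate; surface it as the checked exception callers already handle.
            String message = "Erreur lors de la recuperation du certificat des Metadonn�es" +
                "aucun certificat dans l'IDPSSODescriptor";
            AppLogService.error( message );
            throw new CertificateValidationException( message );
        }

        try
        {
            liste.add( X509CertificateHelper.buildX509Cert( b64MetadataCert ) );
        }
        catch ( CertificateException e )
        {
            String message = "Erreur lors de la recuperation du certificat des Metadonn�es" +
                e.getLocalizedMessage( );
            // Log with the throwable so the decoding failure is not reduced to its message.
            AppLogService.error( message, e );
            throw new CertificateValidationException( message );
        }
        catch ( IOException e )
        {
            String message = "Erreur lors de la recuperation du certificat des Metadonn�es" +
                e.getLocalizedMessage( );
            AppLogService.error( message, e );
            throw new CertificateValidationException( message );
        }

        return liste;
    }

    /**
     * Walks IDPSSODescriptor → first KeyDescriptor → KeyInfo → first X509Data → first
     * X509Certificate and returns its base64 text, or {@code null} if any step is missing.
     *
     * @param idpSSODescriptor the descriptor to inspect, may be {@code null}
     * @return the base64-encoded certificate value, or {@code null} when absent
     */
    private static String extractCertificateValue( IDPSSODescriptor idpSSODescriptor )
    {
        if ( idpSSODescriptor == null )
        {
            return null;
        }

        List<KeyDescriptor> keyDescriptors = idpSSODescriptor.getKeyDescriptors( );

        if ( ( keyDescriptors == null ) || keyDescriptors.isEmpty( ) )
        {
            return null;
        }

        KeyInfo keyInfo = keyDescriptors.get( 0 ).getKeyInfo( );

        if ( keyInfo == null )
        {
            return null;
        }

        List<X509Data> x509Datas = keyInfo.getX509Datas( );

        if ( ( x509Datas == null ) || x509Datas.isEmpty( ) )
        {
            return null;
        }

        List<org.opensaml.xml.signature.X509Certificate> x509Certificates = x509Datas.get( 0 ).getX509Certificates( );

        if ( ( x509Certificates == null ) || x509Certificates.isEmpty( ) )
        {
            return null;
        }

        return x509Certificates.get( 0 ).getValue( );
    }
}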