/* Copyright 2011 Vladimir Schafer
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.oscgc.security.saml.idp.web.contoller;

import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.springframework.security.saml.metadata.MetadataManager;
import org.springframework.validation.Errors;
import org.springframework.validation.ValidationUtils;
import org.springframework.validation.Validator;

import java.net.MalformedURLException;
import java.net.URL;

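/**
 * Validator for the metadata form ({@link MetadataForm}).
 *
 * <p>Checks presence and shape of the submitted fields and, when the form asks for the
 * metadata to be stored, verifies that the entity ID and alias are not already registered
 * with the {@link MetadataManager}. Rejections are recorded in the order the fields are
 * checked; the uniqueness checks only run when every other check passed.
 */
public class MetadataValidator implements Validator {

    /** Source of the already-registered entity descriptors and aliases. */
    private final MetadataManager manager;

    /**
     * @param manager metadata manager queried by the uniqueness checks in {@link #validate}
     */
    public MetadataValidator(MetadataManager manager) {
        this.manager = manager;
    }

    /**
     * @param clazz candidate target type
     * @return {@code true} only for {@link MetadataForm} itself (subclasses and {@code null}
     *         are not accepted)
     */
    public boolean supports(Class<?> clazz) {
        return MetadataForm.class.equals(clazz);
    }

    /**
     * Validates a {@link MetadataForm}.
     *
     * @param target the form instance; must be a {@link MetadataForm}
     * @param errors receives one rejection per failed check
     * @throws RuntimeException when the metadata manager cannot be queried during the
     *         uniqueness checks; the {@link MetadataProviderException} is kept as the cause
     */
    public void validate(Object target, Errors errors) {

        MetadataForm metadata = (MetadataForm) target;

        ValidationUtils.rejectIfEmptyOrWhitespace(errors, "entityId", "required", "Entity id must be set.");
        ValidationUtils.rejectIfEmptyOrWhitespace(errors, "alias", "required", "Alias must be set.");
        ValidationUtils.rejectIfEmptyOrWhitespace(errors, "baseURL", "required", "Base URL is required.");

        rejectUnsupportedProfile(errors, "securityProfile", metadata.getSecurityProfile(),
                "Security profile must be specified.");
        rejectUnsupportedProfile(errors, "sslSecurityProfile", metadata.getSslSecurityProfile(),
                "SSL/TLS Security profile must be specified.");

        // Discovery URLs are only checked when discovery is enabled; empty values are allowed.
        if (metadata.isIncludeDiscovery()) {
            rejectMalformedUrl(errors, "customDiscoveryURL", metadata.getCustomDiscoveryURL());
            rejectMalformedUrl(errors, "customDiscoveryResponseURL", metadata.getCustomDiscoveryResponseURL());
        }

        // Bindings
        String[] bindings = metadata.getSsoBindings();
        if (bindings == null || bindings.length == 0) {
            errors.rejectValue("ssoBindings", null, "At least one binding must be specified.");
        }

        // Default binding: must be one of the selected bindings when both are present.
        String defaultBinding = metadata.getSsoDefaultBinding();
        if (defaultBinding != null && bindings != null && !contains(bindings, defaultBinding)) {
            errors.rejectValue("ssoDefaultBinding", null, "Default binding must be selected as included.");
        }

        if (metadata.getNameID() == null || metadata.getNameID().length == 0) {
            errors.rejectValue("nameID", null, "At least one NameID must be selected.");
        }

        // Uniqueness is only verified for a form that passed every other check and asks to be stored,
        // so the manager is not queried for input that will be rejected anyway.
        if (!errors.hasErrors() && metadata.isStore()) {
            try {
                EntityDescriptor entityDescriptor = manager.getEntityDescriptor(metadata.getEntityId());
                if (entityDescriptor != null) {
                    errors.rejectValue("entityId", null, "Selected entity ID is already used.");
                }
                String idForAlias = manager.getEntityIdForAlias(metadata.getAlias());
                if (idForAlias != null) {
                    errors.rejectValue("alias", null, "Selected alias is already used.");
                }
            } catch (MetadataProviderException e) {
                // Keep the cause so the failing provider is visible in the stack trace.
                throw new RuntimeException("Error loading alias data", e);
            }
        }

    }

    /**
     * Rejects {@code field} when the profile value is missing or not one of the supported names.
     *
     * <p>Note the asymmetry inherited from the original checks: "pkix" is accepted in any case,
     * "metaiop" only in lower case. Kept as-is because the accepted spelling is presumably what
     * downstream configuration expects — confirm before loosening.
     *
     * @param errors          rejection sink
     * @param field           form field name
     * @param value           submitted profile value, may be {@code null}
     * @param requiredMessage default message used when the value is {@code null}
     */
    private static void rejectUnsupportedProfile(Errors errors, String field, String value, String requiredMessage) {
        if (value == null) {
            errors.rejectValue(field, null, requiredMessage);
        } else if (!"pkix".equalsIgnoreCase(value) && !"metaiop".equals(value)) {
            errors.rejectValue(field, null, "Selected value is not supported.");
        }
    }

    /**
     * Rejects {@code field} when a non-empty value does not parse as a {@link URL}.
     *
     * <p>NOTE(review): {@code new URL(...)} only checks syntax and that a protocol handler exists;
     * it accepts any registered scheme and does not constrain the host. If these values end up as
     * redirect targets or endpoint addresses, the consumer should restrict them to http/https —
     * confirm against the code that uses the stored metadata.
     *
     * @param errors rejection sink
     * @param field  form field name
     * @param value  submitted URL, {@code null} or empty values are skipped
     */
    private static void rejectMalformedUrl(Errors errors, String field, String value) {
        if (value == null || value.length() == 0) {
            return;
        }
        try {
            new URL(value);
        } catch (MalformedURLException e) {
            errors.rejectValue(field, null, "Value is not a valid URL.");
        }
    }

    /**
     * @param bindings selected bindings, elements may be {@code null}
     * @param wanted   non-null binding to look for
     * @return {@code true} when {@code wanted} equals one of the elements
     */
    private static boolean contains(String[] bindings, String wanted) {
        for (String binding : bindings) {
            // Compare from the non-null side so a null array element cannot throw.
            if (wanted.equals(binding)) {
                return true;
            }
        }
        return false;
    }

}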