summaryrefslogtreecommitdiff
path: root/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2019-12-04 19:43:32 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2019-12-04 19:43:32 +0100
commit759ac5f42c6aff901dbeede4fbf1a1d2e08cad0f (patch)
tree2132024fc058b1ef5338bf50df575a3244cc3f9f /eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata
parent4f15bdc45b08724d20c66c9fd74ea6a43a03c32f (diff)
downloadEAAF-Components-759ac5f42c6aff901dbeede4fbf1a1d2e08cad0f.tar.gz
EAAF-Components-759ac5f42c6aff901dbeede4fbf1a1d2e08cad0f.tar.bz2
EAAF-Components-759ac5f42c6aff901dbeede4fbf1a1d2e08cad0f.zip
common EGIZ code-style refactoring
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java929
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java112
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java415
3 files changed, 748 insertions, 708 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
index 08ef26ab..ec81353a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
@@ -1,29 +1,22 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.impl.metadata;
import java.io.IOException;
@@ -35,9 +28,12 @@ import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Timer;
-
import javax.xml.namespace.QName;
-
+import at.gv.egiz.components.spring.api.IDestroyableObject;
+import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
import org.apache.commons.lang3.StringUtils;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -52,419 +48,474 @@ import org.opensaml.xml.XMLObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import at.gv.egiz.components.spring.api.IDestroyableObject;
-import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
-
public abstract class AbstractChainingMetadataProvider extends SimpleMetadataProvider
- implements ObservableMetadataProvider, IGarbageCollectorProcessing,
- IRefreshableMetadataProvider, IDestroyableObject, IPVPMetadataProvider {
-
- private static final Logger log = LoggerFactory.getLogger(AbstractChainingMetadataProvider.class);
-
- private MetadataProvider internalProvider = null;
- private static Object mutex = new Object();
- private Timer timer = null;
-
-
- public AbstractChainingMetadataProvider() {
- internalProvider = new ChainingMetadataProvider();
-
- }
-
- public final Timer getTimer() {
- return this.timer;
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector()
- */
- @Override
- public void runGarbageCollector() {
- synchronized (mutex) {
- /**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
- try {
- log.trace("Check consistence of PVP2X metadata");
- addAndRemoveMetadataProvider();
-
- } catch (EAAFConfigurationException e) {
- log.error("Access to MOA-ID configuration FAILED.", e);
-
- }
- }
-
- }
-
- public void fullyDestroy() {
- internalDestroy();
-
- }
-
- @Override
- public synchronized boolean refreshMetadataProvider(String entityID) {
- try {
- //check if metadata provider is already loaded
- try {
- if (internalProvider.getEntityDescriptor(entityID) != null)
- return true;
-
- } catch (MetadataProviderException e) {}
-
-
- //reload metadata provider
- String metadataURL = getMetadataURL(entityID);
- if (StringUtils.isNotEmpty(metadataURL)) {
- Map<String, HTTPMetadataProvider> actuallyLoadedProviders = getAllActuallyLoadedProviders();
-
- // check if MetadataProvider is actually loaded
- if (actuallyLoadedProviders.containsKey(metadataURL)) {
- actuallyLoadedProviders.get(metadataURL).refresh();
- log.info("SAML2 metadata for service provider: "
- + entityID + " is refreshed.");
- return true;
-
- } else {
- //load new Metadata Provider
- if (timer == null)
- timer = new Timer(true);
-
- ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
- chainProvider.addMetadataProvider(createNewMetadataProvider(entityID));
-
- emitChangeEvent();
- log.info("SAML2 metadata for service provider: "
- + entityID + " is added.");
- return true;
-
- }
-
- } else
- log.debug("Can not refresh SAML2 metadata: NO SAML2 metadata URL for SP with Id: " + entityID);
-
- } catch (MetadataProviderException e) {
- log.warn("Refresh SAML2 metadata for service provider: "
- + entityID + " FAILED.", e);
-
- } catch (IOException e) {
- log.warn("Refresh SAML2 metadata for service provider: "
- + entityID + " FAILED.", e);
-
- } catch (EAAFConfigurationException e) {
- log.warn("Refresh SAML2 metadata for service provider: "
- + entityID + " FAILED.", e);
-
- } catch (CertificateException e) {
- log.warn("Refresh SAML2 metadata for service provider: "
- + entityID + " FAILED.", e);
-
- }
-
- return false;
-
- }
-
- public void internalDestroy() {
- if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
- log.info("Destrorying PVP-Authentication MetaDataProvider.");
- ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
-
- List<MetadataProvider> providers = chainProvider.getProviders();
- for (MetadataProvider provider : providers) {
- if (provider instanceof HTTPMetadataProvider) {
- HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
- log.debug("Destroy HTTPMetadataProvider +" + httpprovider.getMetadataURI());
- httpprovider.destroy();
-
- } else {
- log.warn("MetadataProvider can not be destroyed.");
- }
- }
-
- internalProvider = new ChainingMetadataProvider();
-
- if (timer != null)
- timer.cancel();
-
- } else {
- log.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
- }
- }
-
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#requireValidMetadata()
- */
- @Override
- public boolean requireValidMetadata() {
- return internalProvider.requireValidMetadata();
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#setRequireValidMetadata(boolean)
- */
- @Override
- public void setRequireValidMetadata(boolean requireValidMetadata) {
- internalProvider.setRequireValidMetadata(requireValidMetadata);
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getMetadataFilter()
- */
- @Override
- public MetadataFilter getMetadataFilter() {
- return internalProvider.getMetadataFilter();
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#setMetadataFilter(org.opensaml.saml2.metadata.provider.MetadataFilter)
- */
- @Override
- public void setMetadataFilter(MetadataFilter newFilter)
- throws MetadataProviderException {
- internalProvider.setMetadataFilter(newFilter);
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getMetadata()
- */
- @Override
- public XMLObject getMetadata() throws MetadataProviderException {
- return internalProvider.getMetadata();
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getEntitiesDescriptor(java.lang.String)
- */
- @Override
- public EntitiesDescriptor getEntitiesDescriptor(String entitiesID)
- throws MetadataProviderException {
- EntitiesDescriptor entitiesDesc = null;
- try {
- entitiesDesc = internalProvider.getEntitiesDescriptor(entitiesID);
-
- if (entitiesDesc == null) {
- log.debug("Can not find PVP metadata for entityID: " + entitiesID
- + " Start refreshing process ...");
- if (refreshMetadataProvider(entitiesID))
- return internalProvider.getEntitiesDescriptor(entitiesID);
-
- }
-
- } catch (MetadataProviderException e) {
- log.debug("Can not find PVP metadata for entityID: " + entitiesID
- + " Start refreshing process ...");
- if (refreshMetadataProvider(entitiesID))
- return internalProvider.getEntitiesDescriptor(entitiesID);
-
- }
-
- return entitiesDesc;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getEntityDescriptor(java.lang.String)
- */
- @Override
- public EntityDescriptor getEntityDescriptor(String entityID)
- throws MetadataProviderException {
- EntityDescriptor entityDesc = null;
- try {
- entityDesc = internalProvider.getEntityDescriptor(entityID);
- if (entityDesc == null) {
- log.debug("Can not find PVP metadata for entityID: " + entityID
- + " Start refreshing process ...");
- if (refreshMetadataProvider(entityID))
- return internalProvider.getEntityDescriptor(entityID);
-
- }
-
- } catch (MetadataProviderException e) {
- log.debug("Can not find PVP metadata for entityID: " + entityID
- + " Start refreshing process ...");
- if (refreshMetadataProvider(entityID))
- return internalProvider.getEntityDescriptor(entityID);
-
- }
-
-// if (entityDesc != null)
-// lastAccess.put(entityID, new Date());
-
- return entityDesc;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName)
- */
- @Override
- public List<RoleDescriptor> getRole(String entityID, QName roleName)
- throws MetadataProviderException {
- List<RoleDescriptor> result = internalProvider.getRole(entityID, roleName);
-
-// if (result != null)
-// lastAccess.put(entityID, new Date());
-
- return result;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName, java.lang.String)
- */
- @Override
- public RoleDescriptor getRole(String entityID, QName roleName,
- String supportedProtocol) throws MetadataProviderException {
- RoleDescriptor result = internalProvider.getRole(entityID, roleName, supportedProtocol);
-
-// if (result != null)
-// lastAccess.put(entityID, new Date());
-
- return result;
- }
-
- /* (non-Javadoc)
- * @see org.opensaml.saml2.metadata.provider.ObservableMetadataProvider#getObservers()
- */
- @Override
- public List<Observer> getObservers() {
- return ((ChainingMetadataProvider) internalProvider).getObservers();
- }
-
-
- /**
- * Get the URL to metadata for a specific entityID
- *
- * @param entityId
- * @return
- * @throws EAAFConfigurationException
- */
- protected abstract String getMetadataURL(String entityId) throws EAAFConfigurationException;
-
- /**
- * Creates a new implementation specific SAML2 metadata provider
- *
- * @param entityId
- * @return
- * @throws EAAFConfigurationException
- * @throws IOException
- * @throws CertificateException
- * @throws ConfigurationException
- */
- protected abstract MetadataProvider createNewMetadataProvider(String entityId) throws EAAFConfigurationException, IOException, CertificateException;
-
- /**
- * Get a List of metadata URLs for all SAML2 SPs from configuration
- *
- * @throws EAAFConfigurationException
- */
- protected abstract List<String> getAllMetadataURLsFromConfiguration() throws EAAFConfigurationException;
-
-
- protected void emitChangeEvent() {
- if ((getObservers() == null) || (getObservers().size() == 0)) {
- return;
- }
-
- List<Observer> tempObserverList = new ArrayList<Observer>(getObservers());
- for (ObservableMetadataProvider.Observer observer : tempObserverList)
- if (observer != null)
- observer.onEvent(this);
- }
-
- private Map<String, HTTPMetadataProvider> getAllActuallyLoadedProviders() {
- Map<String, HTTPMetadataProvider> loadedproviders = new HashMap<String, HTTPMetadataProvider>();
- ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
-
- //make a Map of all actually loaded HTTPMetadataProvider
- List<MetadataProvider> providers = chainProvider.getProviders();
- for (MetadataProvider provider : providers) {
- if (provider instanceof HTTPMetadataProvider) {
- HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
- loadedproviders.put(httpprovider.getMetadataURI(), httpprovider);
-
- }
- }
-
- return loadedproviders;
- }
-
- private void addAndRemoveMetadataProvider() throws EAAFConfigurationException {
- if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
- log.info("Reload MOAMetaDataProvider.");
-
- /*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
- *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
- Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
- ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
-
- //get all actually loaded metadata providers
- Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
-
- /* TODO: maybe add metadata provider destroy after timeout.
- * But could be a problem if one Metadataprovider load an EntitiesDescriptor
- * with more the multiple EntityDescriptors. If one of this EntityDesciptors
- * are expired the full EntitiesDescriptor is removed.
- *
- * Timeout requires a better solution in this case!
- */
-
- //load all SAML2 SPs form configuration and
- //compare actually loaded Providers with configured SAML2 SPs
- List<String> allMetadataURLs = getAllMetadataURLsFromConfiguration();
-
- if (allMetadataURLs != null) {
- Iterator<String> metadataURLInterator = allMetadataURLs.iterator();
- while (metadataURLInterator.hasNext()) {
- String metadataurl = metadataURLInterator.next();
- try {
- if (StringUtils.isNotEmpty(metadataurl)) {
- if (loadedproviders.containsKey(metadataurl)) {
- // SAML2 SP is actually loaded, to nothing
- providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
- loadedproviders.remove(metadataurl);
-
- }
- }
- } catch (Throwable e) {
- log.error(
- "Failed to add Metadata (unhandled reason: " + e.getMessage(), e);
-
- }
- }
- }
-
- //remove all actually loaded MetadataProviders with are not in ConfigurationDB any more
- Collection<HTTPMetadataProvider> notusedproviders = loadedproviders.values();
- for (HTTPMetadataProvider provider : notusedproviders) {
- String metadataurl = provider.getMetadataURI();
- try {
- provider.destroy();
-
- /*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
- *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
- //chainProvider.removeMetadataProvider(provider);
- log.info("Remove not used MetadataProvider with MetadataURL " + metadataurl);
-
- } catch (Throwable e) {
- log.error("HTTPMetadataProvider with URL " + metadataurl
- + " can not be removed from the list of actually loaded Providers.", e);
-
- }
-
- }
-
- try {
- chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values()));
- emitChangeEvent();
-
- } catch (MetadataProviderException e) {
- log.warn("ReInitalize AbstractMetaDataProvider is not possible! Service has to be restarted manualy", e);
-
- }
-
- } else
- log.warn("ReInitalize AbstractMetaDataProvider is not possible! Service has to be restarted manualy");
-
- }
+ implements ObservableMetadataProvider, IGarbageCollectorProcessing,
+ IRefreshableMetadataProvider, IDestroyableObject, IPvpMetadataProvider {
+
+ private static final Logger log = LoggerFactory.getLogger(AbstractChainingMetadataProvider.class);
+
+ private MetadataProvider internalProvider = null;
+ private static Object mutex = new Object();
+ private Timer timer = null;
+
+
+ public AbstractChainingMetadataProvider() {
+ internalProvider = new ChainingMetadataProvider();
+
+ }
+
+ public final Timer getTimer() {
+ return this.timer;
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector()
+ */
+ @Override
+ public void runGarbageCollector() {
+ synchronized (mutex) {
+ /* add new Metadataprovider or remove Metadataprovider which are not in use any more. */
+ try {
+ log.trace("Check consistence of PVP2X metadata");
+ addAndRemoveMetadataProvider();
+
+ } catch (final EaafConfigurationException e) {
+ log.error("Access to MOA-ID configuration FAILED.", e);
+
+ }
+ }
+
+ }
+
+ @Override
+ public void fullyDestroy() {
+ internalDestroy();
+
+ }
+
+ @Override
+ public synchronized boolean refreshMetadataProvider(final String entityID) {
+ try {
+ // check if metadata provider is already loaded
+ try {
+ if (internalProvider.getEntityDescriptor(entityID) != null) {
+ return true;
+ }
+
+ } catch (final MetadataProviderException e) {
+ log.debug("Metadata for EntityId: {} is not valid. Starting refresh ... ", entityID);
+
+ }
+
+
+ // reload metadata provider
+ final String metadataUrl = getMetadataUrl(entityID);
+ if (StringUtils.isNotEmpty(metadataUrl)) {
+ final Map<String, HTTPMetadataProvider> actuallyLoadedProviders =
+ getAllActuallyLoadedProviders();
+
+ // check if MetadataProvider is actually loaded
+ if (actuallyLoadedProviders.containsKey(metadataUrl)) {
+ actuallyLoadedProviders.get(metadataUrl).refresh();
+ log.info("SAML2 metadata for service provider: " + entityID + " is refreshed.");
+ return true;
+
+ } else {
+ // load new Metadata Provider
+ if (timer == null) {
+ timer = new Timer(true);
+ }
+
+ final ChainingMetadataProvider chainProvider =
+ (ChainingMetadataProvider) internalProvider;
+ chainProvider.addMetadataProvider(createNewMetadataProvider(entityID));
+
+ emitChangeEvent();
+ log.info("SAML2 metadata for service provider: " + entityID + " is added.");
+ return true;
+
+ }
+
+ } else {
+ log.debug(
+ "Can not refresh SAML2 metadata: NO SAML2 metadata URL for SP with Id: " + entityID);
+ }
+
+ } catch (final MetadataProviderException e) {
+ log.warn("Refresh SAML2 metadata for service provider: " + entityID + " FAILED.", e);
+
+ } catch (final IOException e) {
+ log.warn("Refresh SAML2 metadata for service provider: " + entityID + " FAILED.", e);
+
+ } catch (final EaafConfigurationException e) {
+ log.warn("Refresh SAML2 metadata for service provider: " + entityID + " FAILED.", e);
+
+ } catch (final CertificateException e) {
+ log.warn("Refresh SAML2 metadata for service provider: " + entityID + " FAILED.", e);
+
+ }
+
+ return false;
+
+ }
+
+ /**
+ * Close metadata provider and remove all loaded metadata.
+ *
+ */
+ public void internalDestroy() {
+ if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
+ log.info("Destrorying PVP-Authentication MetaDataProvider.");
+ final ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+
+ final List<MetadataProvider> providers = chainProvider.getProviders();
+ for (final MetadataProvider provider : providers) {
+ if (provider instanceof HTTPMetadataProvider) {
+ final HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
+ log.debug("Destroy HTTPMetadataProvider +" + httpprovider.getMetadataURI());
+ httpprovider.destroy();
+
+ } else {
+ log.warn("MetadataProvider can not be destroyed.");
+ }
+ }
+
+ internalProvider = new ChainingMetadataProvider();
+
+ if (timer != null) {
+ timer.cancel();
+ }
+
+ } else {
+ log.warn(
+ "ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
+ }
+ }
+
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#requireValidMetadata()
+ */
+ @Override
+ public boolean requireValidMetadata() {
+ return internalProvider.requireValidMetadata();
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#setRequireValidMetadata
+ * (boolean)
+ */
+ @Override
+ public void setRequireValidMetadata(final boolean requireValidMetadata) {
+ internalProvider.setRequireValidMetadata(requireValidMetadata);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getMetadataFilter()
+ */
+ @Override
+ public MetadataFilter getMetadataFilter() {
+ return internalProvider.getMetadataFilter();
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#setMetadataFilter(org.
+ * opensaml.saml2.metadata.provider.MetadataFilter)
+ */
+ @Override
+ public void setMetadataFilter(final MetadataFilter newFilter) throws MetadataProviderException {
+ internalProvider.setMetadataFilter(newFilter);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getMetadata()
+ */
+ @Override
+ public XMLObject getMetadata() throws MetadataProviderException {
+ return internalProvider.getMetadata();
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getEntitiesDescriptor(
+ * java.lang.String)
+ */
+ @Override
+ public EntitiesDescriptor getEntitiesDescriptor(final String entitiesID)
+ throws MetadataProviderException {
+ EntitiesDescriptor entitiesDesc = null;
+ try {
+ entitiesDesc = internalProvider.getEntitiesDescriptor(entitiesID);
+
+ if (entitiesDesc == null) {
+ log.debug("Can not find PVP metadata for entityID: " + entitiesID
+ + " Start refreshing process ...");
+ if (refreshMetadataProvider(entitiesID)) {
+ return internalProvider.getEntitiesDescriptor(entitiesID);
+ }
+
+ }
+
+ } catch (final MetadataProviderException e) {
+ log.debug("Can not find PVP metadata for entityID: " + entitiesID
+ + " Start refreshing process ...");
+ if (refreshMetadataProvider(entitiesID)) {
+ return internalProvider.getEntitiesDescriptor(entitiesID);
+ }
+
+ }
+
+ return entitiesDesc;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getEntityDescriptor(
+ * java.lang.String)
+ */
+ @Override
+ public EntityDescriptor getEntityDescriptor(final String entityID)
+ throws MetadataProviderException {
+ EntityDescriptor entityDesc = null;
+ try {
+ entityDesc = internalProvider.getEntityDescriptor(entityID);
+ if (entityDesc == null) {
+ log.debug("Can not find PVP metadata for entityID: " + entityID
+ + " Start refreshing process ...");
+ if (refreshMetadataProvider(entityID)) {
+ return internalProvider.getEntityDescriptor(entityID);
+ }
+
+ }
+
+ } catch (final MetadataProviderException e) {
+ log.debug(
+ "Can not find PVP metadata for entityID: " + entityID + " Start refreshing process ...");
+ if (refreshMetadataProvider(entityID)) {
+ return internalProvider.getEntityDescriptor(entityID);
+ }
+
+ }
+
+ // if (entityDesc != null)
+ // lastAccess.put(entityID, new Date());
+
+ return entityDesc;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getRole(java.lang.
+ * String, javax.xml.namespace.QName)
+ */
+ @Override
+ public List<RoleDescriptor> getRole(final String entityID, final QName roleName)
+ throws MetadataProviderException {
+ final List<RoleDescriptor> result = internalProvider.getRole(entityID, roleName);
+
+ // if (result != null)
+ // lastAccess.put(entityID, new Date());
+
+ return result;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getRole(java.lang.
+ * String, javax.xml.namespace.QName, java.lang.String)
+ */
+ @Override
+ public RoleDescriptor getRole(final String entityID, final QName roleName,
+ final String supportedProtocol) throws MetadataProviderException {
+ final RoleDescriptor result = internalProvider.getRole(entityID, roleName, supportedProtocol);
+
+ // if (result != null)
+ // lastAccess.put(entityID, new Date());
+
+ return result;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.opensaml.saml2.metadata.provider.ObservableMetadataProvider#getObservers()
+ */
+ @Override
+ public List<Observer> getObservers() {
+ return ((ChainingMetadataProvider) internalProvider).getObservers();
+ }
+
+
+ /**
+ * Get the URL to metadata for a specific entityID.
+ *
+ * @param entityId EntityId
+ * @return URL to metadata
+ * @throws EaafConfigurationException In case of an error
+ */
+ protected abstract String getMetadataUrl(String entityId) throws EaafConfigurationException;
+
+ /**
+ * Creates a new implementation specific SAML2 metadata provider.
+ *
+ * @param entityId EntityId
+ * @return MetadataProvider
+ * @throws EaafConfigurationException In case of an error
+ * @throws IOException In case of an error
+ * @throws CertificateException In case of an error
+ * @throws ConfigurationException In case of an error
+ */
+ protected abstract MetadataProvider createNewMetadataProvider(String entityId)
+ throws EaafConfigurationException, IOException, CertificateException;
+
+ /**
+ * Get a List of metadata URLs for all SAML2 SPs from configuration.
+ *
+ * @throws EaafConfigurationException In case of an error
+ */
+ protected abstract List<String> getAllMetadataUrlsFromConfiguration()
+ throws EaafConfigurationException;
+
+
+ protected void emitChangeEvent() {
+ if ((getObservers() == null) || (getObservers().size() == 0)) {
+ return;
+ }
+
+ final List<Observer> tempObserverList = new ArrayList<>(getObservers());
+ for (final ObservableMetadataProvider.Observer observer : tempObserverList) {
+ if (observer != null) {
+ observer.onEvent(this);
+ }
+ }
+ }
+
+ private Map<String, HTTPMetadataProvider> getAllActuallyLoadedProviders() {
+ final Map<String, HTTPMetadataProvider> loadedproviders =
+ new HashMap<>();
+ final ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+
+ // make a Map of all actually loaded HTTPMetadataProvider
+ final List<MetadataProvider> providers = chainProvider.getProviders();
+ for (final MetadataProvider provider : providers) {
+ if (provider instanceof HTTPMetadataProvider) {
+ final HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
+ loadedproviders.put(httpprovider.getMetadataURI(), httpprovider);
+
+ }
+ }
+
+ return loadedproviders;
+ }
+
+ private void addAndRemoveMetadataProvider() throws EaafConfigurationException {
+ if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
+ log.info("Reload MOAMetaDataProvider.");
+
+ /*
+ * OpenSAML ChainingMetadataProvider can not remove a MetadataProvider
+ * (UnsupportedOperationException) The ChainingMetadataProvider use internal a
+ * unmodifiableList to hold all registrated MetadataProviders.
+ */
+ final Map<String, MetadataProvider> providersinuse = new HashMap<>();
+ final ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+
+ // get all actually loaded metadata providers
+ final Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
+
+ /*
+ * TODO: maybe add metadata provider destroy after timeout. But could be a problem if one
+ * Metadataprovider load an EntitiesDescriptor with more the multiple EntityDescriptors. If
+ * one of this EntityDesciptors are expired the full EntitiesDescriptor is removed.
+ *
+ * Timeout requires a better solution in this case!
+ */
+
+ // load all SAML2 SPs form configuration and
+ // compare actually loaded Providers with configured SAML2 SPs
+ final List<String> allMetadataUrls = getAllMetadataUrlsFromConfiguration();
+
+ if (allMetadataUrls != null) {
+ final Iterator<String> metadataUrlInterator = allMetadataUrls.iterator();
+ while (metadataUrlInterator.hasNext()) {
+ final String metadataurl = metadataUrlInterator.next();
+ try {
+ if (StringUtils.isNotEmpty(metadataurl)) {
+ if (loadedproviders.containsKey(metadataurl)) {
+ // SAML2 SP is actually loaded, to nothing
+ providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
+ loadedproviders.remove(metadataurl);
+
+ }
+ }
+ } catch (final Throwable e) {
+ log.error("Failed to add Metadata (unhandled reason: " + e.getMessage(), e);
+
+ }
+ }
+ }
+
+ // remove all actually loaded MetadataProviders with are not in ConfigurationDB any more
+ final Collection<HTTPMetadataProvider> notusedproviders = loadedproviders.values();
+ for (final HTTPMetadataProvider provider : notusedproviders) {
+ final String metadataurl = provider.getMetadataURI();
+ try {
+ provider.destroy();
+
+ /*
+ * OpenSAML ChainingMetadataProvider can not remove a MetadataProvider
+ * (UnsupportedOperationException) The ChainingMetadataProvider use internal a
+ * unmodifiableList to hold all registrated MetadataProviders.
+ */
+ // chainProvider.removeMetadataProvider(provider);
+ log.info("Remove not used MetadataProvider with MetadataURL " + metadataurl);
+
+ } catch (final Throwable e) {
+ log.error("HTTPMetadataProvider with URL " + metadataurl
+ + " can not be removed from the list of actually loaded Providers.", e);
+
+ }
+
+ }
+
+ try {
+ chainProvider.setProviders(new ArrayList<>(providersinuse.values()));
+ emitChangeEvent();
+
+ } catch (final MetadataProviderException e) {
+ log.warn(
+ "ReInitalize AbstractMetaDataProvider is not possible! Service has to be restarted manualy",
+ e);
+
+ }
+
+ } else {
+ log.warn(
+ "ReInitalize AbstractMetaDataProvider is not possible! Service has to be restarted manualy");
+ }
+
+ }
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java
index 06065a82..04c1dcb8 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java
@@ -1,34 +1,26 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.impl.metadata;
import java.util.ArrayList;
import java.util.List;
-
import org.opensaml.saml2.metadata.provider.FilterException;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.xml.XMLObject;
@@ -37,44 +29,48 @@ import org.slf4j.LoggerFactory;
/**
+ * Metadata filter-chain implementation.
+ *
* @author tlenz
*
*/
public class MetadataFilterChain implements MetadataFilter {
- private static final Logger log = LoggerFactory.getLogger(MetadataFilterChain.class);
-
-
- private List<MetadataFilter> filters = new ArrayList<MetadataFilter>();
-
- /**
- * Return all actually used Metadata filters
- *
- * @return List of Metadata filters
- */
- public List<MetadataFilter> getFilters() {
- return filters;
- }
-
- /**
- * Add a new Metadata filter to filterchain
- *
- * @param filter
- */
- public void addFilter(MetadataFilter filter) {
- filters.add(filter);
- }
-
-
- /* (non-Javadoc)
- * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
- */
- @Override
- public void doFilter(XMLObject arg0) throws FilterException {
- for (MetadataFilter filter : filters) {
- log.trace("Use EAAFMetadataFilter " + filter.getClass().getName());
- filter.doFilter(arg0);
- }
+ private static final Logger log = LoggerFactory.getLogger(MetadataFilterChain.class);
+
+
+ private final List<MetadataFilter> filters = new ArrayList<>();
+
+ /**
+ * Return all actually used Metadata filters.
+ *
+ * @return List of Metadata filters
+ */
+ public List<MetadataFilter> getFilters() {
+ return filters;
+ }
+
+ /**
+ * Add a new Metadata filter to filterchain.
+ *
+ * @param filter add a metadata filter
+ */
+ public void addFilter(final MetadataFilter filter) {
+ filters.add(filter);
+ }
+
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
+ */
+ @Override
+ public void doFilter(final XMLObject arg0) throws FilterException {
+ for (final MetadataFilter filter : filters) {
+ log.trace("Use EAAFMetadataFilter " + filter.getClass().getName());
+ filter.doFilter(arg0);
+ }
- }
+ }
}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java
index c16ca5fd..67dd1d35 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java
@@ -1,37 +1,32 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.modules.pvp2.impl.metadata;
import java.io.File;
import java.net.MalformedURLException;
import java.util.Timer;
-
import javax.net.ssl.SSLHandshakeException;
-
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException;
import org.apache.commons.httpclient.HttpClient;
import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
@@ -42,195 +37,193 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException;
-
/**
+ * Simple SAML2 metadata provider.
+ *
* @author tlenz
*
*/
-public abstract class SimpleMetadataProvider implements MetadataProvider{
- private static final Logger log = LoggerFactory.getLogger(SimpleMetadataProvider.class);
-
- private static final String URI_PREFIX_HTTP = "http:";
- private static final String URI_PREFIX_HTTPS = "https:";
- private static final String URI_PREFIX_FILE = "file:";
-
-
- @Autowired
- protected IConfiguration authConfig;
-
-
- /**
- * Create a single SAML2 metadata provider
- *
- * @param metadataLocation where the metadata should be loaded, but never null. If the location starts with http(s):, than a http
- * based metadata provider is used. If the location starts with file:, than a filesystem based metadata provider is used
- * @param filter Filters, which should be used to validate the metadata
- * @param IdForLogging Id, which is used for Logging
- * @param timer {@link Timer} which is used to schedule metadata refresh operations
- * @param httpClient Apache commons 3.x http client
- *
- * @return SAML2 Metadata Provider, or null if the metadata provider can not initialized
- */
- protected MetadataProvider createNewSimpleMetadataProvider(String metadataLocation, MetadataFilter filter,
- String IdForLogging, Timer timer, ParserPool pool, HttpClient httpClient) {
- if (metadataLocation.startsWith(URI_PREFIX_HTTP) || metadataLocation.startsWith(URI_PREFIX_HTTPS)) {
- if (httpClient != null)
- return createNewHTTPMetaDataProvider(metadataLocation, filter, IdForLogging, timer, pool, httpClient);
-
- else {
- log.warn("Can not load http(s) based SAML2 metadata without a HTTP client");
- return null;
- }
-
- } else {
- String absoluteMetadataLocation;
- try {
- absoluteMetadataLocation = FileUtils.makeAbsoluteURL(
- metadataLocation,
- authConfig.getConfigurationRootDirectory());
-
- if (absoluteMetadataLocation.startsWith(URI_PREFIX_FILE)) {
- File metadataFile = new File(absoluteMetadataLocation);
- if (metadataFile.exists())
- return createNewFileSystemMetaDataProvider(metadataFile, filter, IdForLogging, timer, pool);
-
- else {
- log.warn("SAML2 metadata file: " + absoluteMetadataLocation + " not found or not exist");
- return null;
- }
-
- }
-
-
- } catch (MalformedURLException e) {
- log.warn("SAML2 metadata URL is invalid: " + metadataLocation, e);
-
- }
-
- }
-
- log.warn("SAML2 metadata has an unsupported metadata location prefix: " + metadataLocation);
- return null;
-
- }
-
-
- /**
- * Create a single SAML2 filesystem based metadata provider
- *
- * @param metadataFile File, where the metadata should be loaded
- * @param filter Filters, which should be used to validate the metadata
- * @param IdForLogging Id, which is used for Logging
- * @param timer {@link Timer} which is used to schedule metadata refresh operations
- * @param pool
- *
- * @return SAML2 Metadata Provider
- */
- private MetadataProvider createNewFileSystemMetaDataProvider(File metadataFile, MetadataFilter filter, String IdForLogging, Timer timer, ParserPool pool) {
- FilesystemMetadataProvider fileSystemProvider = null;
- try {
- fileSystemProvider = new FilesystemMetadataProvider(timer, metadataFile);
- fileSystemProvider.setParserPool(pool);
- fileSystemProvider.setRequireValidMetadata(true);
- fileSystemProvider.setMinRefreshDelay(1000*60*15); //15 minutes
- fileSystemProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
- //httpProvider.setRefreshDelayFactor(0.1F);
-
- fileSystemProvider.setMetadataFilter(filter);
- fileSystemProvider.initialize();
-
- fileSystemProvider.setRequireValidMetadata(true);
-
- return fileSystemProvider;
-
- } catch (Exception e) {
- log.warn(
- "Failed to load Metadata file for "
- + IdForLogging + "[ "
- + "File: " + metadataFile.getAbsolutePath()
- + " Msg: " + e.getMessage() + " ]", e);
-
-
- log.warn("Can not initialize SAML2 metadata provider from filesystem: " + metadataFile.getAbsolutePath()
- + " Reason: " + e.getMessage(), e);
-
- if (fileSystemProvider != null)
- fileSystemProvider.destroy();
-
- }
-
- return null;
-
- }
-
-
-
- /**
- * Create a single SAML2 HTTP metadata provider
- *
- * @param metadataURL URL, where the metadata should be loaded
- * @param filter Filters, which should be used to validate the metadata
- * @param IdForLogging Id, which is used for Logging
- * @param timer {@link Timer} which is used to schedule metadata refresh operations
- * @param pool
- *
- * @return SAML2 Metadata Provider
- */
- private MetadataProvider createNewHTTPMetaDataProvider(String metadataURL, MetadataFilter filter, String IdForLogging, Timer timer, ParserPool pool, HttpClient httpClient) {
- HTTPMetadataProvider httpProvider = null;
- try {
- httpProvider = new HTTPMetadataProvider(timer, httpClient,
- metadataURL);
- httpProvider.setParserPool(pool);
- httpProvider.setRequireValidMetadata(true);
- httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
- httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
- //httpProvider.setRefreshDelayFactor(0.1F);
-
- httpProvider.setMetadataFilter(filter);
- httpProvider.initialize();
-
- httpProvider.setRequireValidMetadata(true);
-
- return httpProvider;
-
- } catch (Throwable e) {
- if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
- log.warn("SSL-Server certificate for metadata "
- + metadataURL + " not trusted.", e);
-
- } if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {
- log.warn("Signature verification for metadata"
- + metadataURL + " FAILED.", e);
-
- } if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
- log.warn("Schema validation for metadata "
- + metadataURL + " FAILED.", e);
- }
-
- log.warn(
- "Failed to load Metadata file for "
- + IdForLogging + "[ "
- + e.getMessage() + " ]", e);
-
- if (httpProvider != null) {
- log.debug("Destroy failed Metadata provider");
- httpProvider.destroy();
- }
-
-// if (timer != null) {
-// log.debug("Destroy Timer.");
-// timer.cancel();
-// }
-
-
- }
-
- return null;
- }
+public abstract class SimpleMetadataProvider implements MetadataProvider {
+ private static final Logger log = LoggerFactory.getLogger(SimpleMetadataProvider.class);
+
+ private static final String URI_PREFIX_HTTP = "http:";
+ private static final String URI_PREFIX_HTTPS = "https:";
+ private static final String URI_PREFIX_FILE = "file:";
+
+
+ @Autowired
+ protected IConfiguration authConfig;
+
+
+ /**
+ * Create a single SAML2 metadata provider.
+ *
+ * @param metadataLocation where the metadata should be loaded, but never null. If the location
+ * starts with http(s):, than a http based metadata provider is used. If the location
+ * starts with file:, than a filesystem based metadata provider is used
+ * @param filter Filters, which should be used to validate the metadata
+ * @param idForLogging Id, which is used for Logging
+ * @param timer {@link Timer} which is used to schedule metadata refresh operations
+ * @param httpClient Apache commons 3.x http client
+ *
+ * @return SAML2 Metadata Provider, or null if the metadata provider can not initialized
+ */
+ protected MetadataProvider createNewSimpleMetadataProvider(final String metadataLocation,
+ final MetadataFilter filter, final String idForLogging, final Timer timer,
+ final ParserPool pool, final HttpClient httpClient) {
+ if (metadataLocation.startsWith(URI_PREFIX_HTTP)
+ || metadataLocation.startsWith(URI_PREFIX_HTTPS)) {
+ if (httpClient != null) {
+ return createNewHttpMetaDataProvider(metadataLocation, filter, idForLogging, timer, pool,
+ httpClient);
+ } else {
+ log.warn("Can not load http(s) based SAML2 metadata without a HTTP client");
+ return null;
+ }
+
+ } else {
+ String absoluteMetadataLocation;
+ try {
+ absoluteMetadataLocation =
+ FileUtils.makeAbsoluteUrl(metadataLocation, authConfig.getConfigurationRootDirectory());
+
+ if (absoluteMetadataLocation.startsWith(URI_PREFIX_FILE)) {
+ final File metadataFile = new File(absoluteMetadataLocation);
+ if (metadataFile.exists()) {
+ return createNewFileSystemMetaDataProvider(metadataFile, filter, idForLogging, timer,
+ pool);
+ } else {
+ log.warn(
+ "SAML2 metadata file: " + absoluteMetadataLocation + " not found or not exist");
+ return null;
+ }
+
+ }
+
+
+ } catch (final MalformedURLException e) {
+ log.warn("SAML2 metadata URL is invalid: " + metadataLocation, e);
+
+ }
+
+ }
+
+ log.warn("SAML2 metadata has an unsupported metadata location prefix: " + metadataLocation);
+ return null;
+
+ }
+
+
+ /**
+ * Create a single SAML2 filesystem based metadata provider.
+ *
+ * @param metadataFile File, where the metadata should be loaded
+ * @param filter Filters, which should be used to validate the metadata
+ * @param idForLogging Id, which is used for Logging
+ * @param timer {@link Timer} which is used to schedule metadata refresh operations
+ * @param pool
+ *
+ * @return SAML2 Metadata Provider
+ */
+ private MetadataProvider createNewFileSystemMetaDataProvider(final File metadataFile,
+ final MetadataFilter filter, final String idForLogging, final Timer timer,
+ final ParserPool pool) {
+ FilesystemMetadataProvider fileSystemProvider = null;
+ try {
+ fileSystemProvider = new FilesystemMetadataProvider(timer, metadataFile);
+ fileSystemProvider.setParserPool(pool);
+ fileSystemProvider.setRequireValidMetadata(true);
+ fileSystemProvider.setMinRefreshDelay(1000 * 60 * 15); // 15 minutes
+ fileSystemProvider.setMaxRefreshDelay(1000 * 60 * 60 * 24); // 24 hours
+ // httpProvider.setRefreshDelayFactor(0.1F);
+
+ fileSystemProvider.setMetadataFilter(filter);
+ fileSystemProvider.initialize();
+
+ fileSystemProvider.setRequireValidMetadata(true);
+
+ return fileSystemProvider;
+
+ } catch (final Exception e) {
+ log.warn("Failed to load Metadata file for " + idForLogging + "[ " + "File: "
+ + metadataFile.getAbsolutePath() + " Msg: " + e.getMessage() + " ]", e);
+
+
+ log.warn("Can not initialize SAML2 metadata provider from filesystem: "
+ + metadataFile.getAbsolutePath() + " Reason: " + e.getMessage(), e);
+
+ if (fileSystemProvider != null) {
+ fileSystemProvider.destroy();
+ }
+
+ }
+
+ return null;
+
+ }
+
+
+
+ /**
+ * Create a single SAML2 HTTP metadata provider.
+ *
+ * @param metadataUrl URL, where the metadata should be loaded
+ * @param filter Filters, which should be used to validate the metadata
+ * @param idForLogging Id, which is used for Logging
+ * @param timer {@link Timer} which is used to schedule metadata refresh operations
+ * @param pool
+ *
+ * @return SAML2 Metadata Provider
+ */
+ private MetadataProvider createNewHttpMetaDataProvider(final String metadataUrl,
+ final MetadataFilter filter, final String idForLogging, final Timer timer,
+ final ParserPool pool, final HttpClient httpClient) {
+ HTTPMetadataProvider httpProvider = null;
+ try {
+ httpProvider = new HTTPMetadataProvider(timer, httpClient, metadataUrl);
+ httpProvider.setParserPool(pool);
+ httpProvider.setRequireValidMetadata(true);
+ httpProvider.setMinRefreshDelay(1000 * 60 * 15); // 15 minutes
+ httpProvider.setMaxRefreshDelay(1000 * 60 * 60 * 24); // 24 hours
+ // httpProvider.setRefreshDelayFactor(0.1F);
+
+ httpProvider.setMetadataFilter(filter);
+ httpProvider.initialize();
+
+ httpProvider.setRequireValidMetadata(true);
+
+ return httpProvider;
+
+ } catch (final Throwable e) {
+ if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
+ log.warn("SSL-Server certificate for metadata " + metadataUrl + " not trusted.", e);
+
+ }
+ if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {
+ log.warn("Signature verification for metadata" + metadataUrl + " FAILED.", e);
+
+ }
+ if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
+ log.warn("Schema validation for metadata " + metadataUrl + " FAILED.", e);
+ }
+
+ log.warn("Failed to load Metadata file for " + idForLogging + "[ " + e.getMessage() + " ]",
+ e);
+
+ if (httpProvider != null) {
+ log.debug("Destroy failed Metadata provider");
+ httpProvider.destroy();
+ }
+
+ // if (timer != null) {
+ // log.debug("Destroy Timer.");
+ // timer.cancel();
+ // }
+
+
+ }
+
+ return null;
+ }
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-14 01:39:36 +0000