summaryrefslogtreecommitdiff
path: root/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2018-06-26 11:03:48 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2018-06-26 11:03:48 +0200
commitbee5dd259a4438d45ecd1bcc26dfba12875236d6 (patch)
treefe1cf7a35cd15dee5fb3c05de0341aa63bf743e0 /eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata
downloadEAAF-Components-bee5dd259a4438d45ecd1bcc26dfba12875236d6.tar.gz
EAAF-Components-bee5dd259a4438d45ecd1bcc26dfba12875236d6.tar.bz2
EAAF-Components-bee5dd259a4438d45ecd1bcc26dfba12875236d6.zip
initial commit
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java446
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java56
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java212
3 files changed, 714 insertions, 0 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
new file mode 100644
index 00000000..c3eaa9a3
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
@@ -0,0 +1,446 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.impl.metadata;
+
+import java.io.IOException;
+import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Timer;
+
+import javax.xml.namespace.QName;
+
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
+import org.opensaml.xml.XMLObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.eaaf.core.api.IDestroyableObject;
+import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+
+public abstract class AbstractChainingMetadataProvider extends SimpleMetadataProvider
+ implements ObservableMetadataProvider, IGarbageCollectorProcessing,
+ IRefreshableMetadataProvider, IDestroyableObject, IPVPMetadataProvider {
+
+ private static final Logger log = LoggerFactory.getLogger(AbstractChainingMetadataProvider.class);
+
+ private MetadataProvider internalProvider = null;
+ private static Object mutex = new Object();
+ private Timer timer = null;
+
+
+ public AbstractChainingMetadataProvider() {
+ internalProvider = new ChainingMetadataProvider();
+
+ }
+
+ public final Timer getTimer() {
+ return this.timer;
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector()
+ */
+ @Override
+ public void runGarbageCollector() {
+ synchronized (mutex) {
+ /**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
+ try {
+ log.trace("Check consistence of PVP2X metadata");
+ addAndRemoveMetadataProvider();
+
+ } catch (EAAFConfigurationException e) {
+ log.error("Access to MOA-ID configuration FAILED.", e);
+
+ }
+ }
+
+ }
+
+ public void fullyDestroy() {
+ internalDestroy();
+
+ }
+
+ @Override
+ public synchronized boolean refreshMetadataProvider(String entityID) {
+ try {
+ //check if metadata provider is already loaded
+ try {
+ if (internalProvider.getEntityDescriptor(entityID) != null)
+ return true;
+
+ } catch (MetadataProviderException e) {}
+
+
+ //reload metadata provider
+ String metadataURL = getMetadataURL(entityID);
+ if (StringUtils.isNotEmpty(metadataURL)) {
+ Map<String, HTTPMetadataProvider> actuallyLoadedProviders = getAllActuallyLoadedProviders();
+
+ // check if MetadataProvider is actually loaded
+ if (actuallyLoadedProviders.containsKey(metadataURL)) {
+ actuallyLoadedProviders.get(metadataURL).refresh();
+ log.info("SAML2 metadata for service provider: "
+ + entityID + " is refreshed.");
+ return true;
+
+ } else {
+ //load new Metadata Provider
+ if (timer == null)
+ timer = new Timer(true);
+
+ ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+ chainProvider.addMetadataProvider(createNewMetadataProvider(entityID));
+
+ emitChangeEvent();
+ log.info("SAML2 metadata for service provider: "
+ + entityID + " is added.");
+ return true;
+
+ }
+
+ } else
+ log.debug("Can not refresh SAML2 metadata: NO SAML2 metadata URL for SP with Id: " + entityID);
+
+ } catch (MetadataProviderException e) {
+ log.warn("Refresh SAML2 metadata for service provider: "
+ + entityID + " FAILED.", e);
+
+ } catch (IOException e) {
+ log.warn("Refresh SAML2 metadata for service provider: "
+ + entityID + " FAILED.", e);
+
+ } catch (EAAFConfigurationException e) {
+ log.warn("Refresh SAML2 metadata for service provider: "
+ + entityID + " FAILED.", e);
+
+ } catch (CertificateException e) {
+ log.warn("Refresh SAML2 metadata for service provider: "
+ + entityID + " FAILED.", e);
+
+ }
+
+ return false;
+
+ }
+
+ public void internalDestroy() {
+ if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
+ log.info("Destrorying PVP-Authentication MetaDataProvider.");
+ ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+
+ List<MetadataProvider> providers = chainProvider.getProviders();
+ for (MetadataProvider provider : providers) {
+ if (provider instanceof HTTPMetadataProvider) {
+ HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
+ log.debug("Destroy HTTPMetadataProvider +" + httpprovider.getMetadataURI());
+ httpprovider.destroy();
+
+ } else {
+ log.warn("MetadataProvider can not be destroyed.");
+ }
+ }
+
+ internalProvider = new ChainingMetadataProvider();
+
+ if (timer != null)
+ timer.cancel();
+
+ } else {
+ log.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
+ }
+ }
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#requireValidMetadata()
+ */
+ @Override
+ public boolean requireValidMetadata() {
+ return internalProvider.requireValidMetadata();
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#setRequireValidMetadata(boolean)
+ */
+ @Override
+ public void setRequireValidMetadata(boolean requireValidMetadata) {
+ internalProvider.setRequireValidMetadata(requireValidMetadata);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getMetadataFilter()
+ */
+ @Override
+ public MetadataFilter getMetadataFilter() {
+ return internalProvider.getMetadataFilter();
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#setMetadataFilter(org.opensaml.saml2.metadata.provider.MetadataFilter)
+ */
+ @Override
+ public void setMetadataFilter(MetadataFilter newFilter)
+ throws MetadataProviderException {
+ internalProvider.setMetadataFilter(newFilter);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getMetadata()
+ */
+ @Override
+ public XMLObject getMetadata() throws MetadataProviderException {
+ return internalProvider.getMetadata();
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getEntitiesDescriptor(java.lang.String)
+ */
+ @Override
+ public EntitiesDescriptor getEntitiesDescriptor(String entitiesID)
+ throws MetadataProviderException {
+ EntitiesDescriptor entitiesDesc = null;
+ try {
+ entitiesDesc = internalProvider.getEntitiesDescriptor(entitiesID);
+
+ if (entitiesDesc == null) {
+ log.debug("Can not find PVP metadata for entityID: " + entitiesID
+ + " Start refreshing process ...");
+ if (refreshMetadataProvider(entitiesID))
+ return internalProvider.getEntitiesDescriptor(entitiesID);
+
+ }
+
+ } catch (MetadataProviderException e) {
+ log.debug("Can not find PVP metadata for entityID: " + entitiesID
+ + " Start refreshing process ...");
+ if (refreshMetadataProvider(entitiesID))
+ return internalProvider.getEntitiesDescriptor(entitiesID);
+
+ }
+
+ return entitiesDesc;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getEntityDescriptor(java.lang.String)
+ */
+ @Override
+ public EntityDescriptor getEntityDescriptor(String entityID)
+ throws MetadataProviderException {
+ EntityDescriptor entityDesc = null;
+ try {
+ entityDesc = internalProvider.getEntityDescriptor(entityID);
+ if (entityDesc == null) {
+ log.debug("Can not find PVP metadata for entityID: " + entityID
+ + " Start refreshing process ...");
+ if (refreshMetadataProvider(entityID))
+ return internalProvider.getEntityDescriptor(entityID);
+
+ }
+
+ } catch (MetadataProviderException e) {
+ log.debug("Can not find PVP metadata for entityID: " + entityID
+ + " Start refreshing process ...");
+ if (refreshMetadataProvider(entityID))
+ return internalProvider.getEntityDescriptor(entityID);
+
+ }
+
+// if (entityDesc != null)
+// lastAccess.put(entityID, new Date());
+
+ return entityDesc;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName)
+ */
+ @Override
+ public List<RoleDescriptor> getRole(String entityID, QName roleName)
+ throws MetadataProviderException {
+ List<RoleDescriptor> result = internalProvider.getRole(entityID, roleName);
+
+// if (result != null)
+// lastAccess.put(entityID, new Date());
+
+ return result;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName, java.lang.String)
+ */
+ @Override
+ public RoleDescriptor getRole(String entityID, QName roleName,
+ String supportedProtocol) throws MetadataProviderException {
+ RoleDescriptor result = internalProvider.getRole(entityID, roleName, supportedProtocol);
+
+// if (result != null)
+// lastAccess.put(entityID, new Date());
+
+ return result;
+ }
+
+ /* (non-Javadoc)
+ * @see org.opensaml.saml2.metadata.provider.ObservableMetadataProvider#getObservers()
+ */
+ @Override
+ public List<Observer> getObservers() {
+ return ((ChainingMetadataProvider) internalProvider).getObservers();
+ }
+
+
+ /**
+ * Get the URL to metadata for a specific entityID
+ *
+ * @param entityId
+ * @return
+ * @throws EAAFConfigurationException
+ */
+ protected abstract String getMetadataURL(String entityId) throws EAAFConfigurationException;
+
+ /**
+ * Creates a new implementation specific SAML2 metadata provider
+ *
+ * @param entityId
+ * @return
+ * @throws EAAFConfigurationException
+ * @throws IOException
+ * @throws CertificateException
+ * @throws ConfigurationException
+ */
+ protected abstract MetadataProvider createNewMetadataProvider(String entityId) throws EAAFConfigurationException, IOException, CertificateException;
+
+ /**
+ * Get a List of metadata URLs for all SAML2 SPs from configuration
+ *
+ * @throws EAAFConfigurationException
+ */
+ protected abstract List<String> getAllMetadataURLsFromConfiguration() throws EAAFConfigurationException;
+
+
+ protected void emitChangeEvent() {
+ if ((getObservers() == null) || (getObservers().size() == 0)) {
+ return;
+ }
+
+ List<Observer> tempObserverList = new ArrayList<Observer>(getObservers());
+ for (ObservableMetadataProvider.Observer observer : tempObserverList)
+ if (observer != null)
+ observer.onEvent(this);
+ }
+
+ private Map<String, HTTPMetadataProvider> getAllActuallyLoadedProviders() {
+ Map<String, HTTPMetadataProvider> loadedproviders = new HashMap<String, HTTPMetadataProvider>();
+ ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+
+ //make a Map of all actually loaded HTTPMetadataProvider
+ List<MetadataProvider> providers = chainProvider.getProviders();
+ for (MetadataProvider provider : providers) {
+ if (provider instanceof HTTPMetadataProvider) {
+ HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
+ loadedproviders.put(httpprovider.getMetadataURI(), httpprovider);
+
+ }
+ }
+
+ return loadedproviders;
+ }
+
+ private void addAndRemoveMetadataProvider() throws EAAFConfigurationException {
+ if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
+ log.info("Reload MOAMetaDataProvider.");
+
+ /*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
+ *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
+ Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
+ ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+
+ //get all actually loaded metadata providers
+ Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
+
+ /* TODO: maybe add metadata provider destroy after timeout.
+ * But could be a problem if one Metadataprovider load an EntitiesDescriptor
+ * with more the multiple EntityDescriptors. If one of this EntityDesciptors
+ * are expired the full EntitiesDescriptor is removed.
+ *
+ * Timeout requires a better solution in this case!
+ */
+
+ //load all SAML2 SPs form configuration and
+ //compare actually loaded Providers with configured SAML2 SPs
+ List<String> allMetadataURLs = getAllMetadataURLsFromConfiguration();
+
+ if (allMetadataURLs != null) {
+ Iterator<String> metadataURLInterator = allMetadataURLs.iterator();
+ while (metadataURLInterator.hasNext()) {
+ String metadataurl = metadataURLInterator.next();
+ try {
+ if (StringUtils.isNotEmpty(metadataurl)) {
+ if (loadedproviders.containsKey(metadataurl)) {
+ // SAML2 SP is actually loaded, to nothing
+ providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
+ loadedproviders.remove(metadataurl);
+
+ }
+ }
+ } catch (Throwable e) {
+ log.error(
+ "Failed to add Metadata (unhandled reason: " + e.getMessage(), e);
+
+ }
+ }
+ }
+
+ //remove all actually loaded MetadataProviders with are not in ConfigurationDB any more
+ Collection<HTTPMetadataProvider> notusedproviders = loadedproviders.values();
+ for (HTTPMetadataProvider provider : notusedproviders) {
+ String metadataurl = provider.getMetadataURI();
+ try {
+ provider.destroy();
+
+ /*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
+ *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
+ //chainProvider.removeMetadataProvider(provider);
+ log.info("Remove not used MetadataProvider with MetadataURL " + metadataurl);
+
+ } catch (Throwable e) {
+ log.error("HTTPMetadataProvider with URL " + metadataurl
+ + " can not be removed from the list of actually loaded Providers.", e);
+
+ }
+
+ }
+
+ try {
+ chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values()));
+ emitChangeEvent();
+
+ } catch (MetadataProviderException e) {
+ log.warn("ReInitalize AbstractMetaDataProvider is not possible! Service has to be restarted manualy", e);
+
+ }
+
+ } else
+ log.warn("ReInitalize AbstractMetaDataProvider is not possible! Service has to be restarted manualy");
+
+ }
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java
new file mode 100644
index 00000000..37204520
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java
@@ -0,0 +1,56 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.impl.metadata;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opensaml.saml2.metadata.provider.FilterException;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.xml.XMLObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * @author tlenz
+ *
+ */
+public class MetadataFilterChain implements MetadataFilter {
+ private static final Logger log = LoggerFactory.getLogger(MetadataFilterChain.class);
+
+
+ private List<MetadataFilter> filters = new ArrayList<MetadataFilter>();
+
+ /**
+ * Return all actually used Metadata filters
+ *
+ * @return List of Metadata filters
+ */
+ public List<MetadataFilter> getFilters() {
+ return filters;
+ }
+
+ /**
+ * Add a new Metadata filter to filterchain
+ *
+ * @param filter
+ */
+ public void addFilter(MetadataFilter filter) {
+ filters.add(filter);
+ }
+
+
+ /* (non-Javadoc)
+ * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
+ */
+ @Override
+ public void doFilter(XMLObject arg0) throws FilterException {
+ for (MetadataFilter filter : filters) {
+ log.trace("Use EAAFMetadataFilter " + filter.getClass().getName());
+ filter.doFilter(arg0);
+ }
+
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java
new file mode 100644
index 00000000..0c6ffb49
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java
@@ -0,0 +1,212 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.impl.metadata;
+
+import java.io.File;
+import java.net.MalformedURLException;
+import java.util.Timer;
+
+import javax.net.ssl.SSLHandshakeException;
+
+import org.apache.commons.httpclient.HttpClient;
+import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.xml.parse.ParserPool;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException;
+
+/**
+ * @author tlenz
+ *
+ */
+public abstract class SimpleMetadataProvider implements MetadataProvider{
+ private static final Logger log = LoggerFactory.getLogger(SimpleMetadataProvider.class);
+
+ private static final String URI_PREFIX_HTTP = "http:";
+ private static final String URI_PREFIX_HTTPS = "https:";
+ private static final String URI_PREFIX_FILE = "file:";
+
+
+ @Autowired
+ protected IConfiguration authConfig;
+
+
+ /**
+ * Create a single SAML2 metadata provider
+ *
+ * @param metadataLocation where the metadata should be loaded, but never null. If the location starts with http(s):, than a http
+ * based metadata provider is used. If the location starts with file:, than a filesystem based metadata provider is used
+ * @param filter Filters, which should be used to validate the metadata
+ * @param IdForLogging Id, which is used for Logging
+ * @param timer {@link Timer} which is used to schedule metadata refresh operations
+ * @param httpClient Apache commons 3.x http client
+ *
+ * @return SAML2 Metadata Provider, or null if the metadata provider can not initialized
+ */
+ protected MetadataProvider createNewSimpleMetadataProvider(String metadataLocation, MetadataFilter filter,
+ String IdForLogging, Timer timer, ParserPool pool, HttpClient httpClient) {
+ if (metadataLocation.startsWith(URI_PREFIX_HTTP) || metadataLocation.startsWith(URI_PREFIX_HTTPS)) {
+ if (httpClient != null)
+ return createNewHTTPMetaDataProvider(metadataLocation, filter, IdForLogging, timer, pool, httpClient);
+
+ else {
+ log.warn("Can not load http(s) based SAML2 metadata without a HTTP client");
+ return null;
+ }
+
+ } else {
+ String absoluteMetadataLocation;
+ try {
+ absoluteMetadataLocation = FileUtils.makeAbsoluteURL(
+ metadataLocation,
+ authConfig.getConfigurationRootDirectory());
+
+ if (absoluteMetadataLocation.startsWith(URI_PREFIX_FILE)) {
+ File metadataFile = new File(absoluteMetadataLocation);
+ if (metadataFile.exists())
+ return createNewFileSystemMetaDataProvider(metadataFile, filter, IdForLogging, timer, pool);
+
+ else {
+ log.warn("SAML2 metadata file: " + absoluteMetadataLocation + " not found or not exist");
+ return null;
+ }
+
+ }
+
+
+ } catch (MalformedURLException e) {
+ log.warn("SAML2 metadata URL is invalid: " + metadataLocation, e);
+
+ }
+
+ }
+
+ log.warn("SAML2 metadata has an unsupported metadata location prefix: " + metadataLocation);
+ return null;
+
+ }
+
+
+ /**
+ * Create a single SAML2 filesystem based metadata provider
+ *
+ * @param metadataFile File, where the metadata should be loaded
+ * @param filter Filters, which should be used to validate the metadata
+ * @param IdForLogging Id, which is used for Logging
+ * @param timer {@link Timer} which is used to schedule metadata refresh operations
+ * @param pool
+ *
+ * @return SAML2 Metadata Provider
+ */
+ private MetadataProvider createNewFileSystemMetaDataProvider(File metadataFile, MetadataFilter filter, String IdForLogging, Timer timer, ParserPool pool) {
+ FilesystemMetadataProvider fileSystemProvider = null;
+ try {
+ fileSystemProvider = new FilesystemMetadataProvider(timer, metadataFile);
+ fileSystemProvider.setParserPool(pool);
+ fileSystemProvider.setRequireValidMetadata(true);
+ fileSystemProvider.setMinRefreshDelay(1000*60*15); //15 minutes
+ fileSystemProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
+ //httpProvider.setRefreshDelayFactor(0.1F);
+
+ fileSystemProvider.setMetadataFilter(filter);
+ fileSystemProvider.initialize();
+
+ fileSystemProvider.setRequireValidMetadata(true);
+
+ return fileSystemProvider;
+
+ } catch (Exception e) {
+ log.warn(
+ "Failed to load Metadata file for "
+ + IdForLogging + "[ "
+ + "File: " + metadataFile.getAbsolutePath()
+ + " Msg: " + e.getMessage() + " ]", e);
+
+
+ log.warn("Can not initialize SAML2 metadata provider from filesystem: " + metadataFile.getAbsolutePath()
+ + " Reason: " + e.getMessage(), e);
+
+ if (fileSystemProvider != null)
+ fileSystemProvider.destroy();
+
+ }
+
+ return null;
+
+ }
+
+
+
+ /**
+ * Create a single SAML2 HTTP metadata provider
+ *
+ * @param metadataURL URL, where the metadata should be loaded
+ * @param filter Filters, which should be used to validate the metadata
+ * @param IdForLogging Id, which is used for Logging
+ * @param timer {@link Timer} which is used to schedule metadata refresh operations
+ * @param pool
+ *
+ * @return SAML2 Metadata Provider
+ */
+ private MetadataProvider createNewHTTPMetaDataProvider(String metadataURL, MetadataFilter filter, String IdForLogging, Timer timer, ParserPool pool, HttpClient httpClient) {
+ HTTPMetadataProvider httpProvider = null;
+ try {
+ httpProvider = new HTTPMetadataProvider(timer, httpClient,
+ metadataURL);
+ httpProvider.setParserPool(pool);
+ httpProvider.setRequireValidMetadata(true);
+ httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
+ httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
+ //httpProvider.setRefreshDelayFactor(0.1F);
+
+ httpProvider.setMetadataFilter(filter);
+ httpProvider.initialize();
+
+ httpProvider.setRequireValidMetadata(true);
+
+ return httpProvider;
+
+ } catch (Throwable e) {
+ if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
+ log.warn("SSL-Server certificate for metadata "
+ + metadataURL + " not trusted.", e);
+
+ } if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {
+ log.warn("Signature verification for metadata"
+ + metadataURL + " FAILED.", e);
+
+ } if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
+ log.warn("Schema validation for metadata "
+ + metadataURL + " FAILED.", e);
+ }
+
+ log.warn(
+ "Failed to load Metadata file for "
+ + IdForLogging + "[ "
+ + e.getMessage() + " ]", e);
+
+ if (httpProvider != null) {
+ log.debug("Destroy failed Metadata provider");
+ httpProvider.destroy();
+ }
+
+// if (timer != null) {
+// log.debug("Destroy Timer.");
+// timer.cancel();
+// }
+
+
+ }
+
+ return null;
+ }
+
+}