initial commit

3 files changed, 714 insertions, 0 deletions

diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
new file mode 100644
index 00000000..c3eaa9a3
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java
@@ -0,0 +1,446 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.impl.metadata;
+
+import java.io.IOException;
+import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Timer;
+
+import javax.xml.namespace.QName;
+
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
+import org.opensaml.xml.XMLObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.eaaf.core.api.IDestroyableObject;
+import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+
+public abstract class AbstractChainingMetadataProvider extends SimpleMetadataProvider
+	implements ObservableMetadataProvider, IGarbageCollectorProcessing, 
+	IRefreshableMetadataProvider, IDestroyableObject, IPVPMetadataProvider {
+
+	private static final Logger log = LoggerFactory.getLogger(AbstractChainingMetadataProvider.class);
+	
+	private MetadataProvider internalProvider = null;
+	private static Object mutex = new Object();	
+	private Timer timer = null; 
+	
+		
+	public AbstractChainingMetadataProvider() {
+		internalProvider = new ChainingMetadataProvider();	
+		
+	}
+	
+	public final Timer getTimer() {
+		return this.timer;
+		
+	}
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector()
+	 */
+	@Override
+	public void runGarbageCollector() {
+		synchronized (mutex) {			
+			/**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
+			try {
+				log.trace("Check consistence of PVP2X metadata");	
+				addAndRemoveMetadataProvider(); 
+					
+			} catch (EAAFConfigurationException e) {
+				log.error("Access to MOA-ID configuration FAILED.", e);
+					
+			}
+		}
+		
+	}
+			
+	public void fullyDestroy() {
+		internalDestroy();
+			
+	}
+	
+	@Override
+	public synchronized boolean refreshMetadataProvider(String entityID) {
+		try {			
+			//check if metadata provider is already loaded
+			try {
+				if (internalProvider.getEntityDescriptor(entityID) != null)
+					return true;
+				
+			} catch (MetadataProviderException e) {}
+			
+			
+			//reload metadata provider 
+			String metadataURL = getMetadataURL(entityID);
+			if (StringUtils.isNotEmpty(metadataURL)) {
+				Map<String, HTTPMetadataProvider> actuallyLoadedProviders = getAllActuallyLoadedProviders();
+
+				// check if MetadataProvider is actually loaded
+				if (actuallyLoadedProviders.containsKey(metadataURL)) {
+					actuallyLoadedProviders.get(metadataURL).refresh();						
+					log.info("SAML2 metadata for service provider: " 
+							+ entityID + " is refreshed.");
+					return true;
+						
+				} else {
+					//load new Metadata Provider
+					if (timer == null)
+						timer = new Timer(true);
+
+					ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;											
+					chainProvider.addMetadataProvider(createNewMetadataProvider(entityID));
+					
+					emitChangeEvent();						
+					log.info("SAML2 metadata for service provider: " 
+							+ entityID + " is added.");
+					return true;
+						
+				}
+															
+			} else
+				log.debug("Can not refresh SAML2 metadata: NO SAML2 metadata URL for SP with Id: " + entityID);
+																	
+		} catch (MetadataProviderException e) {
+			log.warn("Refresh SAML2 metadata for service provider: " 
+					+ entityID + " FAILED.", e);
+			
+		} catch (IOException e) {
+			log.warn("Refresh SAML2 metadata for service provider: " 
+					+ entityID + " FAILED.", e);
+			
+		} catch (EAAFConfigurationException e) {			
+			log.warn("Refresh SAML2 metadata for service provider: " 
+					+ entityID + " FAILED.", e);
+			
+		} catch (CertificateException e) {
+			log.warn("Refresh SAML2 metadata for service provider: " 
+					+ entityID + " FAILED.", e);
+			
+		}
+		
+		return false;
+		
+	}
+			
+	public void internalDestroy() {
+		if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
+			log.info("Destrorying PVP-Authentication MetaDataProvider.");
+			ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;				
+			
+			List<MetadataProvider> providers = chainProvider.getProviders();
+			for (MetadataProvider provider : providers) {
+				if (provider instanceof HTTPMetadataProvider) {
+					HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
+					log.debug("Destroy HTTPMetadataProvider +" + httpprovider.getMetadataURI());
+					httpprovider.destroy();
+					
+				} else {
+					log.warn("MetadataProvider can not be destroyed.");
+				}
+			}
+				
+			internalProvider = new ChainingMetadataProvider();
+			
+			if (timer != null)
+				timer.cancel();
+			
+		} else {
+			log.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
+		}
+	}
+	
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#requireValidMetadata()
+	 */
+	@Override
+	public boolean requireValidMetadata() {
+		return internalProvider.requireValidMetadata();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#setRequireValidMetadata(boolean)
+	 */
+	@Override
+	public void setRequireValidMetadata(boolean requireValidMetadata) {
+		internalProvider.setRequireValidMetadata(requireValidMetadata);
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getMetadataFilter()
+	 */
+	@Override
+	public MetadataFilter getMetadataFilter() {
+		return internalProvider.getMetadataFilter();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#setMetadataFilter(org.opensaml.saml2.metadata.provider.MetadataFilter)
+	 */
+	@Override
+	public void setMetadataFilter(MetadataFilter newFilter)
+			throws MetadataProviderException {
+		internalProvider.setMetadataFilter(newFilter);
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getMetadata()
+	 */
+	@Override
+	public XMLObject getMetadata() throws MetadataProviderException {
+		return internalProvider.getMetadata();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getEntitiesDescriptor(java.lang.String)
+	 */
+	@Override
+	public EntitiesDescriptor getEntitiesDescriptor(String entitiesID)
+			throws MetadataProviderException {
+		EntitiesDescriptor entitiesDesc = null;
+		try {
+			entitiesDesc = internalProvider.getEntitiesDescriptor(entitiesID);
+		
+			if (entitiesDesc == null) {
+				log.debug("Can not find PVP metadata for entityID: " + entitiesID 
+						+ " Start refreshing process ...");
+				if (refreshMetadataProvider(entitiesID))
+					return internalProvider.getEntitiesDescriptor(entitiesID);
+									
+			}			
+			
+		} catch (MetadataProviderException e) {
+			log.debug("Can not find PVP metadata for entityID: " + entitiesID 
+					+ " Start refreshing process ...");
+			if (refreshMetadataProvider(entitiesID))
+				return internalProvider.getEntitiesDescriptor(entitiesID);
+			
+		}	
+		
+		return entitiesDesc;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getEntityDescriptor(java.lang.String)
+	 */
+	@Override
+	public EntityDescriptor getEntityDescriptor(String entityID)
+			throws MetadataProviderException {
+		EntityDescriptor entityDesc = null;
+		try {
+			entityDesc = internalProvider.getEntityDescriptor(entityID);
+			if (entityDesc == null) {
+				log.debug("Can not find PVP metadata for entityID: " + entityID 
+						+ " Start refreshing process ...");
+				if (refreshMetadataProvider(entityID))
+					return internalProvider.getEntityDescriptor(entityID);
+									
+			}
+			
+		} catch (MetadataProviderException e) {
+			log.debug("Can not find PVP metadata for entityID: " + entityID 
+					+ " Start refreshing process ...");
+			if (refreshMetadataProvider(entityID))
+				return internalProvider.getEntityDescriptor(entityID);
+			
+		}
+		
+//		if (entityDesc != null)
+//			lastAccess.put(entityID, new Date());
+		
+		return entityDesc;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName)
+	 */
+	@Override
+	public List<RoleDescriptor> getRole(String entityID, QName roleName)
+			throws MetadataProviderException {		
+		List<RoleDescriptor> result = internalProvider.getRole(entityID, roleName);
+		
+//		if (result != null)
+//			lastAccess.put(entityID, new Date());
+		
+		return result; 
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IEAAFMetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName, java.lang.String)
+	 */
+	@Override
+	public RoleDescriptor getRole(String entityID, QName roleName,
+			String supportedProtocol) throws MetadataProviderException {
+		RoleDescriptor result = internalProvider.getRole(entityID, roleName, supportedProtocol);
+		
+//		if (result != null)
+//			lastAccess.put(entityID, new Date());
+		
+		return result; 
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.ObservableMetadataProvider#getObservers()
+	 */
+	@Override
+	public List<Observer> getObservers() {
+		return ((ChainingMetadataProvider) internalProvider).getObservers();
+	}
+
+	
+	/**
+	 * Get the URL to metadata for a specific entityID
+	 * 
+	 * @param entityId
+	 * @return
+	 * @throws EAAFConfigurationException 
+	 */
+	protected abstract String getMetadataURL(String entityId) throws EAAFConfigurationException;
+	
+	/**
+	 * Creates a new implementation specific SAML2 metadata provider
+	 * 
+	 * @param entityId
+	 * @return
+	 * @throws EAAFConfigurationException
+	 * @throws IOException 
+	 * @throws CertificateException 
+	 * @throws ConfigurationException 
+	 */
+	protected abstract MetadataProvider createNewMetadataProvider(String entityId) throws EAAFConfigurationException, IOException, CertificateException;
+	
+	/**
+	 * Get a List of metadata URLs for all SAML2 SPs from configuration 
+	 * 
+	 * @throws EAAFConfigurationException
+	 */
+	protected abstract List<String> getAllMetadataURLsFromConfiguration() throws EAAFConfigurationException;
+	
+	
+	protected void emitChangeEvent() {
+		if ((getObservers() == null) || (getObservers().size() == 0)) {
+			return;
+		}
+
+		List<Observer> tempObserverList = new ArrayList<Observer>(getObservers());
+		for (ObservableMetadataProvider.Observer observer : tempObserverList)
+			if (observer != null)
+				observer.onEvent(this);
+	}
+	
+	private Map<String, HTTPMetadataProvider> getAllActuallyLoadedProviders() {
+		Map<String, HTTPMetadataProvider> loadedproviders = new HashMap<String, HTTPMetadataProvider>();
+		ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+		
+		//make a Map of all actually loaded HTTPMetadataProvider
+		List<MetadataProvider> providers = chainProvider.getProviders();
+		for (MetadataProvider provider : providers) {
+			if (provider instanceof HTTPMetadataProvider) {
+				HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
+				loadedproviders.put(httpprovider.getMetadataURI(), httpprovider);
+
+			}
+		}
+		
+		return loadedproviders;		
+	}
+	
+	private void addAndRemoveMetadataProvider() throws EAAFConfigurationException {
+		if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
+			log.info("Reload MOAMetaDataProvider.");
+			
+			/*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
+			 *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/ 
+			Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
+			ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+			
+			//get all actually loaded metadata providers
+			Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
+						
+			/* TODO: maybe add metadata provider destroy after timeout.
+			 *       But could be a problem if one Metadataprovider load an EntitiesDescriptor 
+			 *       with more the multiple EntityDescriptors. If one of this EntityDesciptors 
+			 *       are expired the full EntitiesDescriptor is removed. 
+			 *       
+			 *       Timeout requires a better solution in this case! 
+			 */
+									
+			//load all SAML2 SPs form configuration and 
+			//compare actually loaded Providers with configured SAML2 SPs			
+			List<String> allMetadataURLs = getAllMetadataURLsFromConfiguration();
+			
+			if (allMetadataURLs != null) {
+				Iterator<String> metadataURLInterator = allMetadataURLs.iterator();
+				while (metadataURLInterator.hasNext()) {
+					String metadataurl = metadataURLInterator.next();			
+					try {
+						if (StringUtils.isNotEmpty(metadataurl)) {						
+							if (loadedproviders.containsKey(metadataurl)) {									
+								//	SAML2 SP is actually loaded, to nothing
+								providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
+								loadedproviders.remove(metadataurl);
+													
+							}
+						}
+					} catch (Throwable e) {
+						log.error(
+						"Failed to add Metadata (unhandled reason: " + e.getMessage(), e);
+										
+					}	
+				}
+			}
+			
+			//remove all actually loaded MetadataProviders with are not in ConfigurationDB any more
+			Collection<HTTPMetadataProvider> notusedproviders = loadedproviders.values();
+			for (HTTPMetadataProvider provider : notusedproviders) {
+				String metadataurl = provider.getMetadataURI();				
+				try {					
+					provider.destroy();
+					
+					/*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
+					 *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
+					//chainProvider.removeMetadataProvider(provider);					
+					log.info("Remove not used MetadataProvider with MetadataURL " + metadataurl);
+					
+				} catch (Throwable e) {
+					log.error("HTTPMetadataProvider with URL " + metadataurl 
+							+ " can not be removed from the list of actually loaded Providers.", e);
+					
+				}
+				
+			}
+			
+			try {
+				chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values()));				
+				emitChangeEvent();
+								
+			} catch (MetadataProviderException e) {
+				log.warn("ReInitalize AbstractMetaDataProvider is not possible! Service has to be restarted manualy", e);
+														
+			}
+			
+		} else
+			log.warn("ReInitalize AbstractMetaDataProvider is not possible! Service has to be restarted manualy");
+		
+	}
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java
new file mode 100644
index 00000000..37204520
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/MetadataFilterChain.java
@@ -0,0 +1,56 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.impl.metadata;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opensaml.saml2.metadata.provider.FilterException;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.xml.XMLObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * @author tlenz
+ *
+ */
+public class MetadataFilterChain implements MetadataFilter {
+	private static final Logger log = LoggerFactory.getLogger(MetadataFilterChain.class);
+		
+	
+	private List<MetadataFilter> filters = new ArrayList<MetadataFilter>();
+		
+	/**
+	 * Return all actually used Metadata filters
+	 * 
+	 * @return List of Metadata filters
+	 */
+	public List<MetadataFilter> getFilters() {
+		return filters;
+	}
+	
+	/**
+	 * Add a new Metadata filter to filterchain
+	 * 
+	 * @param filter 
+	 */
+	public void addFilter(MetadataFilter filter) {
+		filters.add(filter);
+	}
+	
+	
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
+	 */
+	@Override
+	public void doFilter(XMLObject arg0) throws FilterException {
+		for (MetadataFilter filter : filters) {
+			log.trace("Use EAAFMetadataFilter " + filter.getClass().getName());
+			filter.doFilter(arg0);
+		}
+
+	}
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java
new file mode 100644
index 00000000..0c6ffb49
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/SimpleMetadataProvider.java
@@ -0,0 +1,212 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.impl.metadata;
+
+import java.io.File;
+import java.net.MalformedURLException;
+import java.util.Timer;
+
+import javax.net.ssl.SSLHandshakeException;
+
+import org.apache.commons.httpclient.HttpClient;
+import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.xml.parse.ParserPool;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException;
+
+/**
+ * @author tlenz
+ *
+ */
+public abstract class SimpleMetadataProvider implements MetadataProvider{
+	private static final Logger log = LoggerFactory.getLogger(SimpleMetadataProvider.class);
+	
+	private static final String URI_PREFIX_HTTP = "http:";
+	private static final String URI_PREFIX_HTTPS = "https:";
+	private static final String URI_PREFIX_FILE = "file:";
+	
+	
+	@Autowired 
+	protected IConfiguration authConfig;
+
+	
+	/**
+	 * Create a single SAML2 metadata provider
+	 * 
+	 * @param metadataLocation where the metadata should be loaded, but never null. If the location starts with http(s):, than a http
+	 *  based metadata provider is used. If the location starts with file:, than a filesystem based metadata provider is used
+	 * @param filter Filters, which should be used to validate the metadata
+	 * @param IdForLogging Id, which is used for Logging
+	 * @param timer {@link Timer} which is used to schedule metadata refresh operations
+	 * @param httpClient Apache commons 3.x http client
+	 * 
+	 * @return SAML2 Metadata Provider, or null if the metadata provider can not initialized
+	 */
+	protected MetadataProvider createNewSimpleMetadataProvider(String metadataLocation, MetadataFilter filter, 
+			String IdForLogging, Timer timer, ParserPool pool, HttpClient httpClient) {
+		if (metadataLocation.startsWith(URI_PREFIX_HTTP) || metadataLocation.startsWith(URI_PREFIX_HTTPS)) {
+			if (httpClient != null)
+				return createNewHTTPMetaDataProvider(metadataLocation, filter, IdForLogging, timer, pool, httpClient);
+			
+			else {
+				log.warn("Can not load http(s) based SAML2 metadata without a HTTP client");		
+				return null;
+			}
+		 
+		} else {
+			String absoluteMetadataLocation;
+			try {
+				absoluteMetadataLocation = FileUtils.makeAbsoluteURL(
+						metadataLocation,
+						authConfig.getConfigurationRootDirectory());
+				
+				if (absoluteMetadataLocation.startsWith(URI_PREFIX_FILE)) {
+					File metadataFile = new File(absoluteMetadataLocation);
+					if (metadataFile.exists())
+						return createNewFileSystemMetaDataProvider(metadataFile, filter, IdForLogging, timer, pool);
+					
+					else {
+						log.warn("SAML2 metadata file: " + absoluteMetadataLocation + " not found or not exist");
+						return null;
+					}
+					
+				}	
+				
+				
+			} catch (MalformedURLException e) {
+				log.warn("SAML2 metadata URL is invalid: " + metadataLocation, e);
+				
+			}
+							
+		}
+		
+		log.warn("SAML2 metadata has an unsupported metadata location prefix: " + metadataLocation);		
+		return null;
+		
+	}
+	
+	
+	/**
+	 * Create a single SAML2 filesystem based metadata provider
+	 * 
+	 * @param metadataFile File, where the metadata should be loaded
+	 * @param filter Filters, which should be used to validate the metadata
+	 * @param IdForLogging Id, which is used for Logging
+	 * @param timer {@link Timer} which is used to schedule metadata refresh operations
+	 * @param pool 
+	 * 
+	 * @return SAML2 Metadata Provider
+	 */	
+	private MetadataProvider createNewFileSystemMetaDataProvider(File metadataFile, MetadataFilter filter, String IdForLogging, Timer timer, ParserPool pool) {
+		FilesystemMetadataProvider fileSystemProvider = null;
+		try {
+			fileSystemProvider = new FilesystemMetadataProvider(timer, metadataFile);
+			fileSystemProvider.setParserPool(pool);
+			fileSystemProvider.setRequireValidMetadata(true);
+			fileSystemProvider.setMinRefreshDelay(1000*60*15); //15 minutes
+			fileSystemProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
+			//httpProvider.setRefreshDelayFactor(0.1F);
+			
+			fileSystemProvider.setMetadataFilter(filter);
+			fileSystemProvider.initialize();
+			
+			fileSystemProvider.setRequireValidMetadata(true);
+			
+			return fileSystemProvider;
+						
+		} catch (Exception e) {
+			log.warn(
+					"Failed to load Metadata file for "
+							+ IdForLogging + "[ "
+							+ "File: " + metadataFile.getAbsolutePath()
+							+ " Msg: " + e.getMessage() + " ]", e);
+			
+			
+			log.warn("Can not initialize SAML2 metadata provider from filesystem: " + metadataFile.getAbsolutePath()
+					+ " Reason: " + e.getMessage(), e);
+			
+			if (fileSystemProvider != null)
+				fileSystemProvider.destroy();
+			
+		}
+				
+		return null;
+				
+	}
+	
+	
+	
+	/**
+	 * Create a single SAML2 HTTP metadata provider
+	 * 
+	 * @param metadataURL URL, where the metadata should be loaded
+	 * @param filter Filters, which should be used to validate the metadata
+	 * @param IdForLogging Id, which is used for Logging
+	 * @param timer {@link Timer} which is used to schedule metadata refresh operations
+	 * @param pool 
+	 * 
+	 * @return SAML2 Metadata Provider
+	 */
+	private MetadataProvider createNewHTTPMetaDataProvider(String metadataURL, MetadataFilter filter, String IdForLogging, Timer timer, ParserPool pool, HttpClient httpClient) {
+		HTTPMetadataProvider httpProvider = null;
+		try {			
+			httpProvider = new HTTPMetadataProvider(timer, httpClient, 
+					metadataURL);
+			httpProvider.setParserPool(pool);
+			httpProvider.setRequireValidMetadata(true);
+			httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
+			httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
+			//httpProvider.setRefreshDelayFactor(0.1F);
+			
+			httpProvider.setMetadataFilter(filter);
+			httpProvider.initialize();
+			
+			httpProvider.setRequireValidMetadata(true);
+			
+			return httpProvider;
+						
+		} catch (Throwable e) {			
+			if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
+				log.warn("SSL-Server certificate for metadata " 
+						+ metadataURL + " not trusted.", e);
+				
+			} if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {				
+				log.warn("Signature verification for metadata" 
+						+ metadataURL + " FAILED.", e);
+			 
+			} if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
+				log.warn("Schema validation for metadata " 
+						+ metadataURL + " FAILED.", e);								
+			}
+			
+			log.warn(
+					"Failed to load Metadata file for "
+							+ IdForLogging + "[ "
+							+ e.getMessage() + " ]", e);
+						
+			if (httpProvider != null) {
+				log.debug("Destroy failed Metadata provider");
+				httpProvider.destroy();
+			}
+			
+//			if (timer != null) {
+//				log.debug("Destroy Timer.");
+//				timer.cancel();
+//			}
+
+			
+		}
+		
+		return null;	
+	}
+
+}