aboutsummaryrefslogtreecommitdiff
path: root/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java
diff options
context:
space:
mode:
Diffstat (limited to 'connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java')
-rw-r--r--connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java155
1 files changed, 155 insertions, 0 deletions
diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java
new file mode 100644
index 00000000..6a223fd0
--- /dev/null
+++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/provider/PvpMetadataProvider.java
@@ -0,0 +1,155 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.connector.provider;
+
+import java.io.IOException;
+import java.security.cert.CertificateException;
+import java.util.List;
+
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.params.HttpClientParams;
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.xml.parse.BasicParserPool;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
+import at.asitplus.eidas.specific.connector.verification.MetadataSignatureVerificationFilter;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PvpEntityCategoryFilter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
+
+@Service("PVPMetadataProvider")
+public class PvpMetadataProvider extends AbstractChainingMetadataProvider {
+ private static final Logger log = LoggerFactory.getLogger(PvpMetadataProvider.class);
+
+ @Autowired(required = true)
+ IConfigurationWithSP basicConfig;
+
+ @Override
+ protected String getMetadataUrl(String entityId) throws EaafConfigurationException {
+ final ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration(entityId);
+ if (spConfig != null) {
+ String metadataUrl = entityId;
+
+ final String metadataUrlFromConfig = spConfig.getConfigurationValue(
+ MsEidasNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_URL);
+ if (StringUtils.isNotEmpty(metadataUrlFromConfig)) {
+ log.debug("Use metdataURL from configuration for EntityId: " + entityId);
+ metadataUrl = metadataUrlFromConfig;
+
+ }
+
+ return metadataUrl;
+
+ } else {
+ log.info("No ServiceProvider with entityId: " + entityId + " in configuration.");
+ }
+
+ return null;
+ }
+
+ @Override
+ protected MetadataProvider createNewMetadataProvider(String entityId)
+ throws EaafConfigurationException, IOException, CertificateException {
+ final ISpConfiguration spConfig = basicConfig.getServiceProviderConfiguration(entityId);
+ if (spConfig != null) {
+ try {
+ String metadataUrl = spConfig.getConfigurationValue(
+ MsEidasNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_URL);
+ if (StringUtils.isEmpty(metadataUrl)) {
+ log.debug("Use EntityId: " + entityId + " instead of explicite metadataURL ... ");
+ metadataUrl = entityId;
+
+ }
+ final String trustStoreUrl = FileUtils.makeAbsoluteUrl(
+ spConfig.getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE),
+ authConfig.getConfigurationRootDirectory());
+ final String trustStorePassword = spConfig.getConfigurationValue(
+ MsEidasNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE_PASSWORD);
+
+ return createNewSimpleMetadataProvider(metadataUrl,
+ buildMetadataFilterChain(metadataUrl, trustStoreUrl, trustStorePassword),
+ spConfig.getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_UNIQUEIDENTIFIER),
+ getTimer(),
+ new BasicParserPool(),
+ createHttpClient());
+
+ } catch (final Pvp2MetadataException e) {
+ log.info("Can NOT initialize Metadata signature-verification filter. Reason: " + e.getMessage());
+ throw new EaafConfigurationException("config.27",
+ new Object[] { "Can NOT initialize Metadata signature-verification filter. Reason: " + e
+ .getMessage() }, e);
+
+ }
+
+ } else {
+ log.info("No ServiceProvider with entityId: " + entityId + " in configuration.");
+ }
+
+ return null;
+ }
+
+ @Override
+ protected List<String> getAllMetadataUrlsFromConfiguration() throws EaafConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ private HttpClient createHttpClient() {
+ final HttpClient httpClient = new HttpClient();
+ final HttpClientParams httpClientParams = new HttpClientParams();
+ httpClientParams.setSoTimeout(MsEidasNodeConstants.METADATA_SOCKED_TIMEOUT);
+ httpClient.setParams(httpClientParams);
+ return httpClient;
+
+ }
+
+ private MetadataFilterChain buildMetadataFilterChain(String metadataUrl,
+ String trustStoreUrl, String trustStorePassword) throws CertificateException, Pvp2MetadataException {
+ final MetadataFilterChain filterChain = new MetadataFilterChain();
+ filterChain.getFilters().add(new SchemaValidationFilter(
+ basicConfig.getBasicConfigurationBoolean(MsEidasNodeConstants.PROP_CONFIG_PVP_SCHEME_VALIDATION,
+ true)));
+
+ filterChain.getFilters().add(
+ new MetadataSignatureVerificationFilter(
+ trustStoreUrl, trustStorePassword, metadataUrl));
+
+ filterChain.getFilters().add(new PvpEntityCategoryFilter(
+ basicConfig.getBasicConfigurationBoolean(MsEidasNodeConstants.PROP_CONFIG_PVP_ENABLE_ENTITYCATEGORIES,
+ true)));
+
+ return filterChain;
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-01 03:10:22 +0000