authorThomas Lenz <tlenz@iaik.tugraz.at>2015-07-03 12:55:34 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2015-07-03 12:55:34 +0200
commit91dfafd601d12d91347b1c09efb47d8f14da8760 (patch)
treeaa9605403509392018dd06465a385b0a6d9ab327
parenta1ee0567607fe43909cd7fc1b75ace3197a2fa0b (diff)
fix problems with dynamic PVP2X metadata refresh
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java42
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties2
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties1
5 files changed, 49 insertions, 11 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index 1a268c812..5402e3dce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -62,6 +62,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
public class PostBinding implements IDecoder, IEncoder {
@@ -170,10 +171,12 @@ public class PostBinding implements IDecoder, IEncoder {
RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
.getInboundMessage();
msg = new MOARequest(inboundMessage, getSAML2BindingName());
+ msg.setEntityID(inboundMessage.getIssuer().getValue());
} else if (messageContext.getInboundMessage() instanceof StatusResponseType){
- StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage();
+ StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage();
msg = new MOAResponse(inboundMessage);
+ msg.setEntityID(inboundMessage.getIssuer().getValue());
} else
//create empty container if request type is unknown
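Review bot: `inboundMessage.getIssuer()` can return null on both added `setEntityID` lines, so a message without a `<saml:Issuer>` element would now fail with a NullPointerException instead of being handled by the existing "unknown request" path; guard it, e.g. `if (inboundMessage.getIssuer() != null) msg.setEntityID(inboundMessage.getIssuer().getValue());` (and the same for the StatusResponseType branch). The value is taken straight from the inbound message, which the next hunk still marks `setVerified(false)`, so it is a client-asserted identifier until metadata-based validation has run; a comment at the first added line, `// entityID taken from the unverified Issuer; replaced by peer metadata when available`, would make that contract visible to downstream readers of `getEntityID()`. The enclosing method starts and ends outside this hunk.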
@@ -182,8 +185,10 @@ public class PostBinding implements IDecoder, IEncoder {
if (messageContext.getPeerEntityMetadata() != null)
msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
- else
- Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
+ else {
+ if (MiscUtil.isEmpty(msg.getEntityID()))
+ Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
+ }
msg.setVerified(false);
msg.setRelayState(messageContext.getRelayState());
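Review bot: The "No Metadata found" log in the new `else` block is now only written when `msg.getEntityID()` is empty, but the previous hunk fills that field from the message's Issuer, so for every message that carries an Issuer the missing-metadata condition is no longer logged at all. If that is intentional because the metadata is expected to be loaded on demand later, state it in a comment such as `// entityID already known from Issuer; metadata may be refreshed on demand by the caller`; otherwise keep the log unconditional so operators still see which issuers arrive without metadata. As a matter of style, `else { if (cond) ... }` reads more naturally as `else if (cond) ...`. The enclosing method ends outside this hunk.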
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index 0b6cb6eea..81863f48f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -178,12 +178,12 @@ public class RedirectBinding implements IDecoder, IEncoder {
signatureRule.evaluate(messageContext);
} catch (SecurityException e) {
- if (MiscUtil.isEmpty(messageContext.getPeerEntityId())) {
+ if (MiscUtil.isEmpty(messageContext.getInboundMessageIssuer())) {
throw e;
}
Logger.debug("PVP2X message validation FAILED. Relead metadata for entityID: " + messageContext.getPeerEntityId());
- if (!MOAMetadataProvider.getInstance().refreshMetadataProvider(messageContext.getPeerEntityId()))
+ if (!MOAMetadataProvider.getInstance().refreshMetadataProvider(messageContext.getInboundMessageIssuer()))
throw e;
else {
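Review bot: The debug message between the two changed lines still prints `messageContext.getPeerEntityId()`, while the empty-check and the `refreshMetadataProvider` call now use `getInboundMessageIssuer()`, so the log can show null or a different value than the entityID that is actually reloaded; change it to `Logger.debug("PVP2X message validation FAILED. Relead metadata for entityID: " + messageContext.getInboundMessageIssuer());`. After this change the reload is triggered by the Issuer of a message whose signature check has just failed, i.e. by an unauthenticated value; `refreshMetadataProvider` appears to look the entityID up in the OA configuration first (see the MOAMetadataProvider hunks), which bounds what can be reloaded, but repeated failing requests can still cause repeated reloads, so consider logging the event at warn level with the issuer value and throttling reloads per entityID. The enclosing try/catch starts and ends outside this hunk.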
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index c2127a2af..389b9825f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -26,12 +26,14 @@ import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Collection;
+import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
+import java.util.concurrent.CopyOnWriteArrayList;
import java.util.Timer;
import javax.net.ssl.SSLHandshakeException;
@@ -46,6 +48,8 @@ import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
+import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider.Observer;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.parse.BasicParserPool;
@@ -66,11 +70,12 @@ import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
-public class MOAMetadataProvider implements MetadataProvider {
+public class MOAMetadataProvider implements ObservableMetadataProvider{
private static MOAMetadataProvider instance = null;
-
private static Object mutex = new Object();
+ private List<ObservableMetadataProvider.Observer> observers;
+
public static MOAMetadataProvider getInstance() {
if (instance == null) {
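Review bot: The new `observers` field is written in the constructor (`new CopyOnWriteArrayList<Observer>()` in the hunk at `@@ -337,10 +348,12 @@`) and on destroy (`Collections.emptyList()` in the hunk at `@@ -328,7 +337,9 @@`) but is never read: the `getObservers()` added in the last hunk returns the list held by the wrapped `ChainingMetadataProvider` instead. Either remove the field together with its two assignments, or have `getObservers()` return `this.observers` so that the destroy path actually detaches registered observers; as written, clearing the field changes nothing about who is notified. If the field stays, a comment such as `// observers registered on this provider; the chain provider keeps its own list` should say which list is authoritative.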
@@ -111,7 +116,6 @@ public class MOAMetadataProvider implements MetadataProvider {
MetadataProvider internalProvider;
-
public boolean refreshMetadataProvider(String entityID) {
try {
OAAuthParameter oaParam =
@@ -142,6 +146,9 @@ public class MOAMetadataProvider implements MetadataProvider {
cert));
chainProvider.addMetadataProvider(newMetadataProvider);
+
+ emitChangeEvent();
+
Logger.info("PVP2X metadata for onlineApplication: "
+ entityID + " is added.");
return true;
@@ -299,6 +306,8 @@ public class MOAMetadataProvider implements MetadataProvider {
try {
chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values()));
+ emitChangeEvent();
+
} catch (MetadataProviderException e) {
Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy", e);
@@ -328,7 +337,9 @@ public class MOAMetadataProvider implements MetadataProvider {
} else {
Logger.warn("MetadataProvider can not be destroyed.");
}
- }
+ }
+
+ this.observers = Collections.emptyList();
instance = null;
} else {
Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
@@ -337,10 +348,12 @@ public class MOAMetadataProvider implements MetadataProvider {
private MOAMetadataProvider() {
ChainingMetadataProvider chainProvider = new ChainingMetadataProvider();
- Logger.info("Loading metadata");
+ this.observers = new CopyOnWriteArrayList<Observer>();
+ Logger.info("Loading metadata");
Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
try {
+ //TODO: database search does not work!!!!!
Map<String, String> allOAs = AuthConfigurationProviderFactory.getInstance().getConfigurationWithWildCard(
MOAIDConfigurationConstants.PREFIX_SERVICES
+ ".%."
@@ -550,4 +563,23 @@ public class MOAMetadataProvider implements MetadataProvider {
return internalProvider.getRole(entityID, roleName, supportedProtocol);
}
+ /* (non-Javadoc)
+ * @see org.opensaml.saml2.metadata.provider.ObservableMetadataProvider#getObservers()
+ */
+ @Override
+ public List<Observer> getObservers() {
+ return ((ChainingMetadataProvider) internalProvider).getObservers();
+ }
+
+ protected void emitChangeEvent() {
+ if ((getObservers() == null) || (getObservers().size() == 0)) {
+ return;
+ }
+
+ List<Observer> tempObserverList = new ArrayList<Observer>(getObservers());
+ for (ObservableMetadataProvider.Observer observer : tempObserverList)
+ if (observer != null)
+ observer.onEvent(this);
+ }
+
}
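Review bot: `getObservers()` casts `internalProvider` (declared as plain `MetadataProvider` in the hunk at `@@ -111,7 +116,6 @@`) to `ChainingMetadataProvider` without a check, and `emitChangeEvent()` calls it three times; if `internalProvider` is ever null or a different provider type — which nothing in the hunk rules out — the result is a NullPointerException or ClassCastException instead of a quiet no-op, so read the list once and guard the cast, e.g. `if (!(internalProvider instanceof ChainingMetadataProvider)) return Collections.emptyList();`. In the notification loop an observer that throws aborts delivery to the remaining observers and propagates into `refreshMetadataProvider` and the reinit path, where only `MetadataProviderException` is caught; catching `RuntimeException` per observer and logging it keeps one faulty listener from blocking the metadata update for the others, as in the rewrite below. Both new methods also lack Javadoc; `emitChangeEvent` should state that it is called after a provider is added or the chain is replaced.
```java
protected void emitChangeEvent() {
    List<Observer> registered = getObservers();
    if (registered == null || registered.isEmpty()) {
        return;
    }
    for (Observer observer : new ArrayList<Observer>(registered)) {
        if (observer == null) {
            continue;
        }
        try {
            observer.onEvent(this);
        } catch (RuntimeException e) {
            // one faulty listener must not block notification of the others
            Logger.warn("Metadata observer " + observer.getClass().getName() + " failed", e);
        }
    }
}
```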
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 985d499ba..fc1aa714e 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -48,7 +48,7 @@ auth.27=Federated authentication FAILED.
init.00=MOA ID Authentisierung wurde erfolgreich gestartet
init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar
-init.02=Fehler beim Starten des Service MOA ID Authentisierung
+init.02=Fehler beim Starten des Service MOA-ID-Auth
init.04=Fehler beim Datenbankzugriff mit der SessionID {0}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index eeacdc627..faafa6fd2 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -54,6 +54,7 @@ config.19=9199
config.20=9199
config.21=9006
config.22=9008
+config.23=9199
parser.00=1101
parser.01=1101