aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2017-07-17 10:25:02 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-07-17 10:25:02 +0200
commit91d38d59b42ee77346b0d33315f403d8fa678576 (patch)
tree00fe72e62c6dddbeb2ed60e230ff02e97a507be4
parent3e2575cfe85ac8f3076f0470a82191d9f1dae636 (diff)
downloadmoa-id-spss-91d38d59b42ee77346b0d33315f403d8fa678576.tar.gz
moa-id-spss-91d38d59b42ee77346b0d33315f403d8fa678576.tar.bz2
moa-id-spss-91d38d59b42ee77346b0d33315f403d8fa678576.zip
update MOA SAML2 metadata provider to support metadata located on file system
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java105
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java145
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java116
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java3
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java14
5 files changed, 244 insertions, 139 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index 61a380188..79e7e9252 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -111,81 +111,84 @@ public class OAPVP2ConfigValidation {
log.info("MetaDataURL has no valid form.");
errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid", request));
- } else {
-
+ } else {
if (certSerialized == null) {
log.info("No certificate for metadata validation");
errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request));
- } else {
-
- X509Certificate cert = new X509Certificate(certSerialized);
- BasicX509Credential credential = new BasicX509Credential();
- credential.setEntityCertificate(cert);
+ } else {
+ if (form.getMetaDataURL().startsWith("http")) {
+ X509Certificate cert = new X509Certificate(certSerialized);
+ BasicX509Credential credential = new BasicX509Credential();
+ credential.setEntityCertificate(cert);
- timer = new Timer();
- httpClient = new MOAHttpClient();
+ timer = new Timer();
+ httpClient = new MOAHttpClient();
- if (form.getMetaDataURL().startsWith("https:"))
- try {
- MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
- "MOAMetaDataProvider",
- ConfigurationProvider.getInstance().getCertStoreDirectory(),
- ConfigurationProvider.getInstance().getTrustStoreDirectory(),
- null,
- "pkix",
- true,
- new String[]{"crl"},
- false);
+ if (form.getMetaDataURL().startsWith("https:"))
+ try {
+ MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+ "MOAMetaDataProvider",
+ ConfigurationProvider.getInstance().getCertStoreDirectory(),
+ ConfigurationProvider.getInstance().getTrustStoreDirectory(),
+ null,
+ "pkix",
+ true,
+ new String[]{"crl"},
+ false);
- httpClient.setCustomSSLTrustStore(
- form.getMetaDataURL(),
- protoSocketFactory);
+ httpClient.setCustomSSLTrustStore(
+ form.getMetaDataURL(),
+ protoSocketFactory);
- } catch (MOAHttpProtocolSocketFactoryException e) {
- log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
+ } catch (MOAHttpProtocolSocketFactoryException e) {
+ log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
- } catch (ConfigurationException e) {
- log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e);
+ } catch (ConfigurationException e) {
+ log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e);
- }
+ }
- List<MetadataFilter> filterList = new ArrayList<MetadataFilter>();
- filterList.add(new MetaDataVerificationFilter(credential));
+ List<MetadataFilter> filterList = new ArrayList<MetadataFilter>();
+ filterList.add(new MetaDataVerificationFilter(credential));
- try {
- filterList.add(new SchemaValidationFilter(
- ConfigurationProvider.getInstance().isPVPMetadataSchemaValidationActive()));
+ try {
+ filterList.add(new SchemaValidationFilter(
+ ConfigurationProvider.getInstance().isPVPMetadataSchemaValidationActive()));
- } catch (ConfigurationException e) {
- log.warn("Configuration access FAILED!", e);
+ } catch (ConfigurationException e) {
+ log.warn("Configuration access FAILED!", e);
- }
+ }
+
+ MetadataFilterChain filter = new MetadataFilterChain();
+ filter.setFilters(filterList);
- MetadataFilterChain filter = new MetadataFilterChain();
- filter.setFilters(filterList);
+ httpProvider =
+ new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL());
+ httpProvider.setParserPool(new BasicParserPool());
+ httpProvider.setRequireValidMetadata(true);
+ httpProvider.setMetadataFilter(filter);
+ httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
+ httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
- httpProvider =
- new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL());
- httpProvider.setParserPool(new BasicParserPool());
- httpProvider.setRequireValidMetadata(true);
- httpProvider.setMetadataFilter(filter);
- httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
- httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
+ httpProvider.setRequireValidMetadata(true);
- httpProvider.setRequireValidMetadata(true);
+ httpProvider.initialize();
- httpProvider.initialize();
+ if (httpProvider.getMetadata() == null) {
+ log.info("Metadata could be received but validation FAILED.");
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request));
+ }
- if (httpProvider.getMetadata() == null) {
- log.info("Metadata could be received but validation FAILED.");
- errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request));
+ } else {
+ log.info("Metadata load validation skipped, because it's no http(s) metadata: " + form.getMetaDataURL());
+
}
-
}
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index b2597c3cb..5380d7f53 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -38,6 +38,7 @@ import javax.xml.namespace.QName;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.provider.BaseMetadataProvider;
import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
@@ -45,6 +46,7 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.parse.BasicParserPool;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.IDestroyableObject;
@@ -52,7 +54,6 @@ import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
@@ -154,7 +155,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
//reload metadata provider
IOAAuthParameters oaParam =
- AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID);
+ authConfig.getOnlineApplicationParameter(entityID);
if (oaParam != null) {
String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
if (MiscUtil.isNotEmpty(metadataURL)) {
@@ -178,10 +179,11 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
timer = new Timer(true);
ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
- HTTPMetadataProvider newMetadataProvider = createNewHTTPMetaDataProvider(metadataURL,
+ MetadataProvider newMetadataProvider = createNewMoaMetadataProvider(metadataURL,
buildMetadataFilterChain(oaParam, metadataURL, cert),
oaFriendlyName,
- timer);
+ timer,
+ new BasicParserPool());
chainProvider.addMetadataProvider(newMetadataProvider);
@@ -203,9 +205,6 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
Logger.debug("Can not refresh PVP2X metadata: NO onlineApplication with Id: " + entityID);
- } catch (ConfigurationException e) {
- Logger.warn("Access MOA-ID configuration FAILED.", e);
-
} catch (MetadataProviderException e) {
Logger.warn("Refresh PVP2X metadata for onlineApplication: "
+ entityID + " FAILED.", e);
@@ -268,7 +267,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
//load all PVP2 OAs form ConfigurationDatabase and
//compare actually loaded Providers with configured PVP2 OAs
- Map<String, String> allOAs = AuthConfigurationProviderFactory.getInstance().getConfigurationWithWildCard(
+ Map<String, String> allOAs = authConfig.getConfigurationWithWildCard(
MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES
+ ".%."
+ MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
@@ -279,7 +278,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
Entry<String, String> oaKeyPair = oaInterator.next();
IOAAuthParameters oaParam =
- AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaKeyPair.getValue());
+ authConfig.getOnlineApplicationParameter(oaKeyPair.getValue());
if (oaParam != null) {
String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
@@ -409,83 +408,79 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
ChainingMetadataProvider chainProvider = new ChainingMetadataProvider();
Logger.info("Loading metadata");
Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
- try {
- Map<String, String> allOAs = AuthConfigurationProviderFactory.getInstance().getConfigurationWithWildCard(
- MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES
- + ".%."
- + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
-
- if (allOAs != null) {
- Iterator<Entry<String, String>> oaInterator = allOAs.entrySet().iterator();
- while (oaInterator.hasNext()) {
- Entry<String, String> oaKeyPair = oaInterator.next();
-
- IOAAuthParameters oaParam =
- AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaKeyPair.getValue());
- if (oaParam != null) {
- String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
- String oaFriendlyName = oaParam.getFriendlyName();
- HTTPMetadataProvider httpProvider = null;
+ Map<String, String> allOAs = authConfig.getConfigurationWithWildCard(
+ MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES
+ + ".%."
+ + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
+
+ if (allOAs != null) {
+ Iterator<Entry<String, String>> oaInterator = allOAs.entrySet().iterator();
+ while (oaInterator.hasNext()) {
+ Entry<String, String> oaKeyPair = oaInterator.next();
- try {
- String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
- if (MiscUtil.isNotEmpty(certBase64) && MiscUtil.isNotEmpty(metadataurl)) {
- byte[] cert = Base64Utils.decode(certBase64, false);
-
-
- if (timer == null)
- timer = new Timer(true);
-
- Logger.info("Loading metadata for: " + oaFriendlyName);
- if (!providersinuse.containsKey(metadataurl)) {
- httpProvider = createNewHTTPMetaDataProvider(
- metadataurl,
- buildMetadataFilterChain(oaParam, metadataurl, cert),
- oaFriendlyName,
- timer);
-
- if (httpProvider != null)
- providersinuse.put(metadataurl, httpProvider);
+ IOAAuthParameters oaParam =
+ authConfig.getOnlineApplicationParameter(oaKeyPair.getValue());
+ if (oaParam != null) {
+ String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
+ String oaFriendlyName = oaParam.getFriendlyName();
+ MetadataProvider httpProvider = null;
+
+ try {
+ String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
+ if (MiscUtil.isNotEmpty(certBase64) && MiscUtil.isNotEmpty(metadataurl)) {
+ byte[] cert = Base64Utils.decode(certBase64, false);
- } else {
- Logger.info(metadataurl + " are already added.");
- }
+
+ if (timer == null)
+ timer = new Timer(true);
+
+ Logger.info("Loading metadata for: " + oaFriendlyName);
+ if (!providersinuse.containsKey(metadataurl)) {
+ httpProvider = createNewMoaMetadataProvider(
+ metadataurl,
+ buildMetadataFilterChain(oaParam, metadataurl, cert),
+ oaFriendlyName,
+ timer,
+ new BasicParserPool());
+
+ if (httpProvider != null)
+ providersinuse.put(metadataurl, httpProvider);
} else {
- Logger.info(oaFriendlyName
- + " is not a PVP2 Application skipping");
+ Logger.info(metadataurl + " are already added.");
}
- } catch (Throwable e) {
- Logger.error(
- "Failed to add Metadata (unhandled reason: "
- + e.getMessage(), e);
- if (httpProvider != null) {
- Logger.debug("Destroy failed Metadata provider");
- httpProvider.destroy();
- }
- }
- }
- }
+ } else {
+ Logger.info(oaFriendlyName
+ + " is not a PVP2 Application skipping");
+ }
+ } catch (Throwable e) {
+ Logger.error(
+ "Failed to add Metadata (unhandled reason: "
+ + e.getMessage(), e);
- } else
- Logger.info("No Online-Application configuration found. PVP 2.1 metadata provider initialization failed!");
-
- try {
- chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values()));
-
- } catch (MetadataProviderException e) {
- Logger.error(
- "Failed to add Metadata (unhandled reason: "
- + e.getMessage(), e);
+ if (httpProvider != null && httpProvider instanceof BaseMetadataProvider) {
+ Logger.debug("Destroy failed Metadata provider");
+ ((BaseMetadataProvider)httpProvider).destroy();
+
+ }
+ }
+ }
}
- internalProvider = chainProvider;
-
- } catch (ConfigurationException e) {
- Logger.error("Access MOA-ID configuration FAILED.", e);
+ } else
+ Logger.info("No Online-Application configuration found. PVP 2.1 metadata provider initialization failed!");
+
+ try {
+ chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values()));
+ } catch (MetadataProviderException e) {
+ Logger.error(
+ "Failed to add Metadata (unhandled reason: "
+ + e.getMessage(), e);
}
+
+ internalProvider = chainProvider;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
index d5c7d9100..e060e18e1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
@@ -22,15 +22,19 @@
*/
package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
+import java.io.File;
import java.util.Timer;
import javax.net.ssl.SSLHandshakeException;
import org.apache.commons.httpclient.MOAHttpClient;
+import org.apache.commons.httpclient.params.HttpClientParams;
+import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.xml.parse.BasicParserPool;
+import org.opensaml.xml.parse.ParserPool;
+import org.springframework.beans.factory.annotation.Autowired;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
@@ -40,6 +44,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
/**
* @author tlenz
@@ -47,6 +52,104 @@ import at.gv.egovernment.moa.logging.Logger;
*/
public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
+ private static final String URI_PREFIX_HTTP = "http:";
+ private static final String URI_PREFIX_HTTPS = "https:";
+ private static final String URI_PREFIX_FILE = "file:";
+
+
+ @Autowired
+ protected AuthConfiguration authConfig;
+
+ /**
+ * Create a single SAML2 MOA specific metadata provider
+ *
+ * @param metadataLocation where the metadata should be loaded, but never null. If the location starts with http(s):, than a http
+ * based metadata provider is used. If the location starts with file:, than a filesystem based metadata provider is used
+ * @param filter Filters, which should be used to validate the metadata
+ * @param IdForLogging Id, which is used for Logging
+ * @param timer {@link Timer} which is used to schedule metadata refresh operations
+ *
+ * @return SAML2 Metadata Provider, or null if the metadata provider can not initialized
+ */
+ protected MetadataProvider createNewMoaMetadataProvider(String metadataLocation, MetadataFilter filter,
+ String IdForLogging, Timer timer, ParserPool pool) {
+ if (metadataLocation.startsWith(URI_PREFIX_HTTP) || metadataLocation.startsWith(URI_PREFIX_HTTPS))
+ return createNewHTTPMetaDataProvider(metadataLocation, filter, IdForLogging, timer, pool);
+
+ else {
+ String absoluteMetadataLocation = FileUtils.makeAbsoluteURL(
+ metadataLocation,
+ authConfig.getRootConfigFileDir());
+
+ if (absoluteMetadataLocation.startsWith(URI_PREFIX_FILE)) {
+ File metadataFile = new File(absoluteMetadataLocation);
+ if (metadataFile.exists())
+ return createNewFileSystemMetaDataProvider(metadataFile, filter, IdForLogging, timer, pool);
+
+ else {
+ Logger.warn("SAML2 metadata file: " + absoluteMetadataLocation + " not found or not exist");
+ return null;
+ }
+
+ }
+ }
+
+ Logger.warn("SAML2 metadata has an unsupported metadata location prefix: " + metadataLocation);
+ return null;
+
+ }
+
+
+ /**
+ * Create a single SAML2 filesystem based metadata provider
+ *
+ * @param metadataFile File, where the metadata should be loaded
+ * @param filter Filters, which should be used to validate the metadata
+ * @param IdForLogging Id, which is used for Logging
+ * @param timer {@link Timer} which is used to schedule metadata refresh operations
+ * @param pool
+ *
+ * @return SAML2 Metadata Provider
+ */
+ private MetadataProvider createNewFileSystemMetaDataProvider(File metadataFile, MetadataFilter filter, String IdForLogging, Timer timer, ParserPool pool) {
+ FilesystemMetadataProvider fileSystemProvider = null;
+ try {
+ fileSystemProvider = new FilesystemMetadataProvider(timer, metadataFile);
+ fileSystemProvider.setParserPool(pool);
+ fileSystemProvider.setRequireValidMetadata(true);
+ fileSystemProvider.setMinRefreshDelay(1000*60*15); //15 minutes
+ fileSystemProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
+ //httpProvider.setRefreshDelayFactor(0.1F);
+
+ fileSystemProvider.setMetadataFilter(filter);
+ fileSystemProvider.initialize();
+
+ fileSystemProvider.setRequireValidMetadata(true);
+
+ return fileSystemProvider;
+
+ } catch (Exception e) {
+ Logger.warn(
+ "Failed to load Metadata file for "
+ + IdForLogging + "[ "
+ + "File: " + metadataFile.getAbsolutePath()
+ + " Msg: " + e.getMessage() + " ]", e);
+
+
+ Logger.warn("Can not initialize SAML2 metadata provider from filesystem: " + metadataFile.getAbsolutePath()
+ + " Reason: " + e.getMessage(), e);
+
+ if (fileSystemProvider != null)
+ fileSystemProvider.destroy();
+
+ }
+
+ return null;
+
+ }
+
+
+
/**
* Create a single SAML2 HTTP metadata provider
*
@@ -54,16 +157,21 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
* @param filter Filters, which should be used to validate the metadata
* @param IdForLogging Id, which is used for Logging
* @param timer {@link Timer} which is used to schedule metadata refresh operations
+ * @param pool
*
* @return SAML2 Metadata Provider
*/
- protected HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, MetadataFilter filter, String IdForLogging, Timer timer) {
+ private MetadataProvider createNewHTTPMetaDataProvider(String metadataURL, MetadataFilter filter, String IdForLogging, Timer timer, ParserPool pool) {
HTTPMetadataProvider httpProvider = null;
//Timer timer= null;
MOAHttpClient httpClient = null;
try {
httpClient = new MOAHttpClient();
+ HttpClientParams httpClientParams = new HttpClientParams();
+ httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
+ httpClient.setParams(httpClientParams);
+
if (metadataURL.startsWith("https:")) {
try {
//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
@@ -88,7 +196,7 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
// timer = new Timer(true);
httpProvider = new HTTPMetadataProvider(timer, httpClient,
metadataURL);
- httpProvider.setParserPool(new BasicParserPool());
+ httpProvider.setParserPool(pool);
httpProvider.setRequireValidMetadata(true);
httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
@@ -115,7 +223,7 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
+ metadataURL + " FAILED.", e);
}
- Logger.error(
+ Logger.warn(
"Failed to load Metadata file for "
+ IdForLogging + "[ "
+ e.getMessage() + " ]", e);
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
index fcf4c3ffa..4df11b35c 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
@@ -16,7 +16,8 @@ public interface AuthConfiguration extends ConfigurationProvider{
public static final String DEFAULT_X509_CHAININGMODE = "pkix";
-
+ public static final int CONFIG_PROPS_METADATA_SOCKED_TIMEOUT = 20 * 1000; //20 seconds metadata socked timeout
+
public Properties getGeneralPVP2ProperiesConfig();
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
index b35ffdf62..adc2a310b 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
@@ -36,12 +36,11 @@ import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.XMLObject;
-import org.springframework.beans.factory.annotation.Autowired;
+import org.opensaml.xml.parse.BasicParserPool;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.IDestroyableObject;
import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
@@ -57,8 +56,6 @@ import at.gv.egovernment.moa.util.MiscUtil;
@Service("ELGAMandate_MetadataProvider")
public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvider
implements IDestroyableObject {
-
- @Autowired AuthConfiguration authConfig;
private ChainingMetadataProvider metadataProvider = new ChainingMetadataProvider();
private Timer timer = null;
@@ -256,11 +253,12 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
filter.addFilter(new SchemaValidationFilter(true));
filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID));
- HTTPMetadataProvider idpMetadataProvider = createNewHTTPMetaDataProvider(metdataURL,
+ MetadataProvider idpMetadataProvider = createNewMoaMetadataProvider(metdataURL,
filter,
- ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
- timer);
-
+ ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
+ timer,
+ new BasicParserPool());
+
if (idpMetadataProvider == null) {
Logger.error("Create ELGA Mandate-Service Client FAILED.");
throw new MetadataProviderException("Can not initialize ELGA Mandate-Service metadata provider.");