Reload MOAMetadataProvider after config changes

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2013-09-19 19:32:36 +0200
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2013-09-19 19:32:36 +0200
commit: 1984a9914bb024bdd7b486ec6dd6ba4144c0c70b (patch)
tree: 42481e5e1d71bf24e90a6689c359af037b1b8248
parent: f52976e984450d6802067acad12a0b8143f4ce75 (diff)
download: moa-id-spss-1984a9914bb024bdd7b486ec6dd6ba4144c0c70b.tar.gz
moa-id-spss-1984a9914bb024bdd7b486ec6dd6ba4144c0c70b.tar.bz2
moa-id-spss-1984a9914bb024bdd7b486ec6dd6ba4144c0c70b.zip
4 files changed, 80 insertions, 5 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
index f160e3e51..cd34d382b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
@@ -4,6 +4,7 @@ import java.io.IOException;
 import java.math.BigInteger;
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
+import java.util.Date;
 import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
@@ -19,6 +20,7 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
 import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS;
 import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
 import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector;
 import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates;
 import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
@@ -297,7 +299,9 @@ ServletResponseAware {
 								
 				if (!authUser.isAdmin()) {
 					onlineapplication.setIsAdminRequired(true);
+					
 				}
+					
 				
 			} else {
 				if (!authUser.isAdmin() && 
@@ -332,6 +336,22 @@ ServletResponseAware {
 					} catch (ConfigurationException e) {
 						log.warn("Sending Mail to User " + userdb.getMail() + " failed", e);
 					}
+				}	
+			}
+			
+			if (pvp2OA.getMetaDataURL() != null) {
+				
+				try {
+					if (newentry ||	!pvp2OA.getMetaDataURL()
+							.equals(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL())) {
+					
+						MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration();
+						moaconfig.setPvp2RefreshItem(new Date());
+						ConfigurationDBUtils.saveOrUpdate(moaconfig);
+					
+					}
+				} catch (Throwable e) {
+					log.info("Found no MetadataURL in OA-Databaseconfig!", e);
 				}
 				
 			}
@@ -348,6 +368,8 @@ ServletResponseAware {
 			}
 		}
 		
+		
+		
 
 		Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);	
 		if (nextPageAttr != null && nextPageAttr instanceof String) {
@@ -479,8 +501,22 @@ ServletResponseAware {
 		}
 			
 		OnlineApplication onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier);
-				
 		request.getSession().setAttribute(Constants.SESSION_OAID, null);
+		
+		
+		try {
+			if (MiscUtil.isNotEmpty(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL())) {
+			
+				MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration();
+				moaconfig.setPvp2RefreshItem(new Date());
+				ConfigurationDBUtils.saveOrUpdate(moaconfig);
+			
+			}
+		} catch (Throwable e) {
+			log.info("Found no MetadataURL in OA-Databaseconfig!", e);
+		}
+		
+		
 		if (ConfigurationDBUtils.delete(onlineapplication)) {
 			
 			if (!authUser.isAdmin()) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java
index 12ab3f871..92323f02b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java
@@ -1,10 +1,15 @@
 package at.gv.egovernment.moa.id.config.auth;
 
+import iaik.util.logging.Log;
+
 import java.util.Date;
 
+import org.bouncycastle.asn1.pkcs.Pfx;
+
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.logging.Logger;
 
 
@@ -20,6 +25,7 @@ public class AuthConfigLoader implements Runnable {
 				Logger.info("check for new config.");
 				MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
 				Date dbdate = moaidconfig.getTimestampItem();
+				Date pvprefresh = moaidconfig.getPvp2RefreshItem();
 				ConfigurationDBUtils.closeSession();
 
 				Date date = AuthConfigurationProvider.getTimeStamp();
@@ -28,6 +34,14 @@ public class AuthConfigLoader implements Runnable {
 					AuthConfigurationProvider instance = AuthConfigurationProvider.getInstance();
 					instance.reloadDataBaseConfig();
 				}
+				
+				Date pvpdate = MOAMetadataProvider.getTimeStamp();
+				if (pvprefresh != null && pvprefresh.after(pvpdate)) {
+					MOAMetadataProvider metainst = MOAMetadataProvider.getInstance();
+					metainst.reInitialize();
+				}
+				
+				
 			} catch (Throwable e) {
 				Logger.warn("MOA-ID Configuration is actually not loadable. Reuse old configuration.", e);
 			}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index a92ac8e7f..a61633e12 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -1,11 +1,16 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
 
+import iaik.util.logging.Log;
+
 import java.security.cert.CertificateException;
+import java.util.Date;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Timer;
 
 import javax.xml.namespace.QName;
 
+import org.apache.commons.httpclient.HttpClient;
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.RoleDescriptor;
@@ -29,7 +34,9 @@ public class MOAMetadataProvider implements MetadataProvider {
 	private static MOAMetadataProvider instance = null;
 
 	private static Object mutex = new Object();
-
+	private static Date timestamp;
+	
+	
 	public static MOAMetadataProvider getInstance() {
 		if (instance == null) {
 			synchronized (mutex) {
@@ -41,6 +48,17 @@ public class MOAMetadataProvider implements MetadataProvider {
 		return instance;
 	}
 
+	public static Date getTimeStamp() {
+		return timestamp;
+	}
+	
+	public void reInitialize() {
+		synchronized (mutex) {
+			Log.info("ReInitalize MOAMetaDataProvider.");
+			instance = new MOAMetadataProvider();
+		}
+	}
+	
 	MetadataProvider internalProvider;
 
 	private MOAMetadataProvider() {
@@ -59,15 +77,20 @@ public class MOAMetadataProvider implements MetadataProvider {
 					String metadataURL = pvp2Config.getMetadataURL();
 					try {
 						// TODO: use proper SSL checking
-						HTTPMetadataProvider httpProvider = new HTTPMetadataProvider(
-								metadataURL, 20000);
+						HTTPMetadataProvider httpProvider = 
+								new HTTPMetadataProvider(new Timer(), new HttpClient(), 
+										metadataURL);
 						httpProvider.setParserPool(new BasicParserPool());
 						httpProvider.setRequireValidMetadata(true);
+						httpProvider.setMinRefreshDelay(1000*60*5); //5min
+						httpProvider.setMaxRefreshDelay(1000*60*30); //30min
+						//httpProvider.setRefreshDelayFactor(0.1F);
 						MetadataFilter filter = new MetadataSignatureFilter(
 								metadataURL, pvp2Config.getCertificate());
 						httpProvider.setMetadataFilter(filter);
 						chainProvider.addMetadataProvider(httpProvider);
 						httpProvider.initialize();
+
 					} catch (MetadataProviderException e) {
 						Logger.error(
 								"Failed to add Metadata file for "
@@ -91,8 +114,9 @@ public class MOAMetadataProvider implements MetadataProvider {
 		}
 		
 		internalProvider = chainProvider;
+		timestamp = new Date();
 	}
-
+	
 	public boolean requireValidMetadata() {
 		return internalProvider.requireValidMetadata();
 	}
diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
index c17a8cbd4..dd696f42f 100644
--- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
+++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
@@ -272,6 +272,7 @@
 				</xsd:element>
 			</xsd:sequence>
 			<xsd:attribute name="timestamp" type="xsd:dateTime"/>
+			<xsd:attribute name="pvp2refresh" type="xsd:dateTime"/>
 		</xsd:complexType>
 	</xsd:element>
 	<xsd:complexType name="AuthComponentType">
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2013-09-19 19:32:36 +0200
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2013-09-19 19:32:36 +0200
commit	1984a9914bb024bdd7b486ec6dd6ba4144c0c70b (patch)
tree	42481e5e1d71bf24e90a6689c359af037b1b8248
parent	f52976e984450d6802067acad12a0b8143f4ce75 (diff)
download	moa-id-spss-1984a9914bb024bdd7b486ec6dd6ba4144c0c70b.tar.gz moa-id-spss-1984a9914bb024bdd7b486ec6dd6ba4144c0c70b.tar.bz2 moa-id-spss-1984a9914bb024bdd7b486ec6dd6ba4144c0c70b.zip