devel

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2015-07-02 07:26:30 +0200
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2015-07-02 07:26:30 +0200
commit: 5bc01dab26425144a41dbece04b642fb963e1315 (patch)
tree: 543fe5f7b8d576c7e85ba711c1f9bf03d3dc699f /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
parent: 06e63a4fb89dd92583fc3e72e12750becdd6c8ef (diff)
download: moa-id-spss-5bc01dab26425144a41dbece04b642fb963e1315.tar.gz
moa-id-spss-5bc01dab26425144a41dbece04b642fb963e1315.tar.bz2
moa-id-spss-5bc01dab26425144a41dbece04b642fb963e1315.zip
1 files changed, 220 insertions, 128 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 0ec79c79a..c2127a2af 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -22,6 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
 
+import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -30,6 +31,7 @@ import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Map.Entry;
 import java.util.Timer;
 
 import javax.net.ssl.SSLHandshakeException;
@@ -47,13 +49,13 @@ import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.parse.BasicParserPool;
 
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
-import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
-import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
-import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
 import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
@@ -61,6 +63,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.Interfeder
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataFilterChain;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class MOAMetadataProvider implements MetadataProvider {
@@ -68,7 +71,6 @@ public class MOAMetadataProvider implements MetadataProvider {
 	private static MOAMetadataProvider instance = null;
 
 	private static Object mutex = new Object();
-	private static Date timestamp = null;
 	
 	public static MOAMetadataProvider getInstance() {
 		if (instance == null) {
@@ -80,18 +82,19 @@ public class MOAMetadataProvider implements MetadataProvider {
 		}
 		return instance;
 	}
-
-	public static Date getTimeStamp() {
-		return timestamp;
-	}
 	
 	public static void reInitialize() {
 		synchronized (mutex) {
 			
 			/**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
 			if (instance != null)
-				instance.addAndRemoveMetadataProvider();
-			
+				try {					
+					instance.addAndRemoveMetadataProvider();
+					
+				} catch (ConfigurationException e) {
+					Logger.error("Access to MOA-ID configuration FAILED.", e);
+					
+				}
 			else
 				Logger.info("MOAMetadataProvider is not loaded.");
 		}
@@ -109,89 +112,165 @@ public class MOAMetadataProvider implements MetadataProvider {
 	MetadataProvider internalProvider;
 
 	
-	private void addAndRemoveMetadataProvider() {
+	public boolean refreshMetadataProvider(String entityID) {
+		try {
+			OAAuthParameter oaParam = 
+					AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID);
+			if (oaParam != null) {
+				String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
+				if (MiscUtil.isNotEmpty(metadataURL)) {
+					Map<String, HTTPMetadataProvider> actuallyLoadedProviders = getAllActuallyLoadedProviders();
+
+					// check if MetadataProvider is actually loaded
+					if (actuallyLoadedProviders.containsKey(metadataURL)) {
+						actuallyLoadedProviders.get(metadataURL).refresh();						
+						Logger.info("PVP2X metadata for onlineApplication: " 
+								+ entityID + " is refreshed.");
+						return true;
+						
+					} else {
+						//load new Metadata Provider
+						String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
+						if (MiscUtil.isNotEmpty(certBase64)) {
+						byte[] cert = Base64Utils.decode(certBase64, false);
+						String oaFriendlyName = oaParam.getFriendlyName();
+					
+						ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;						
+						HTTPMetadataProvider newMetadataProvider = createNewHTTPMetaDataProvider(metadataURL, 
+								cert, oaFriendlyName, 
+								buildMetadataFilterChain(oaParam, metadataURL, 
+										cert));
+						
+						chainProvider.addMetadataProvider(newMetadataProvider);
+						Logger.info("PVP2X metadata for onlineApplication: " 
+								+ entityID + " is added.");
+						return true;
+						
+						} else
+							Logger.debug("Can not refresh PVP2X metadata: NO PVP2X metadata certificate for OA with Id: " + entityID);
+						
+					}
+															
+				} else
+					Logger.debug("Can not refresh PVP2X metadata: NO PVP2X metadata URL for OA with Id: " + entityID);
+								
+			} else
+				Logger.debug("Can not refresh PVP2X metadata: NO onlineApplication with Id: " + entityID);
+				
+						
+		} catch (ConfigurationException e) {
+			Logger.warn("Access MOA-ID configuration FAILED.", e);
+			
+		} catch (MetadataProviderException e) {
+			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
+					+ entityID + " FAILED.", e);
+			
+		} catch (IOException e) {
+			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
+					+ entityID + " FAILED.", e);
+			
+		} catch (CertificateException e) {
+			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
+					+ entityID + " FAILED.", e);
+			
+		}
+		
+		return false;
+		
+	}
+	
+	private Map<String, HTTPMetadataProvider> getAllActuallyLoadedProviders() {
+		Map<String, HTTPMetadataProvider> loadedproviders = new HashMap<String, HTTPMetadataProvider>();
+		ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+		
+		//make a Map of all actually loaded HTTPMetadataProvider
+		List<MetadataProvider> providers = chainProvider.getProviders();
+		for (MetadataProvider provider : providers) {
+			if (provider instanceof HTTPMetadataProvider) {
+				HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
+				loadedproviders.put(httpprovider.getMetadataURI(), httpprovider);
+
+			}
+		}
+		
+		return loadedproviders;		
+	}
+	
+	
+	private void addAndRemoveMetadataProvider() throws ConfigurationException {
 		if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
 			Logger.info("Relaod MOAMetaDataProvider.");
 			
 			/*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
 			 *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/ 
 			Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
-
-			Map<String, HTTPMetadataProvider> loadedproviders = new HashMap<String, HTTPMetadataProvider>();
 			ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
 			
-			//make a Map of all actually loaded HTTPMetadataProvider
-			List<MetadataProvider> providers = chainProvider.getProviders();
-			for (MetadataProvider provider : providers) {
-				if (provider instanceof HTTPMetadataProvider) {
-					HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
-					loadedproviders.put(httpprovider.getMetadataURI(), httpprovider);
-				}
-			}
-			
-			//set Timestamp
-			Date oldTimeStamp = timestamp;
-			timestamp = new Date();
+			//get all actually loaded metadata providers
+			Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
 			
 			//load all PVP2 OAs form ConfigurationDatabase and 
 			//compare actually loaded Providers with configured PVP2 OAs
-			List<OnlineApplication> oaList = ConfigurationDBRead
-					.getAllActiveOnlineApplications();
-						
-			Iterator<OnlineApplication> oaIt = oaList.iterator();
-			while (oaIt.hasNext()) {
-				HTTPMetadataProvider httpProvider = null;
-				
-				try {
-					OnlineApplication oa = oaIt.next();
-					OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2();
-					if (pvp2Config != null && MiscUtil.isNotEmpty(pvp2Config.getMetadataURL())) {
-						
-						String metadataurl = pvp2Config.getMetadataURL();
+			Map<String, String> allOAs = AuthConfigurationProviderFactory.getInstance().getConfigurationWithWildCard(
+					MOAIDConfigurationConstants.PREFIX_SERVICES 
+					+ ".%." 
+					+ MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
+			
+			if (allOAs != null) {
+				Iterator<Entry<String, String>> oaInterator = allOAs.entrySet().iterator();
+				while (oaInterator.hasNext()) {
+					Entry<String, String> oaKeyPair = oaInterator.next();
+					
+					OAAuthParameter oaParam = 
+							AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaKeyPair.getValue());
+					if (oaParam != null) {
+						String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
 						
-						if (loadedproviders.containsKey(metadataurl)) {
-							
-							if (pvp2Config.getUpdateRequiredItem() != null &&
-									pvp2Config.getUpdateRequiredItem().after(oldTimeStamp)) {
-								//PVP2 OA is actually loaded, but update is requested
-								Logger.info("Reload metadata for: " + oa.getFriendlyName());
-								loadedproviders.get(metadataurl).refresh();
-								
-							}
-
-							//	PVP2 OA is actually loaded, to nothing
-							providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
-							loadedproviders.remove(metadataurl);
+						HTTPMetadataProvider httpProvider = null;				
+						try {
+							if (MiscUtil.isNotEmpty(metadataurl)) {						
+								if (loadedproviders.containsKey(metadataurl)) {
+									//	PVP2 OA is actually loaded, to nothing
+									providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
+									loadedproviders.remove(metadataurl);
 							
 							
-						} else if ( MiscUtil.isNotEmpty(metadataurl) &&
-								!providersinuse.containsKey(metadataurl) ) {
-							//PVP2 OA is new, add it to MOAMetadataProvider
-													
-							Logger.info("Loading metadata for: " + oa.getFriendlyName());
-							httpProvider = createNewHTTPMetaDataProvider(
-									pvp2Config.getMetadataURL(), 
-									pvp2Config.getCertificate(),
-									oa.getFriendlyName(),
-									buildMetadataFilterChain(oa, pvp2Config.getMetadataURL(), 
-											pvp2Config.getCertificate()));
+								} else if ( MiscUtil.isNotEmpty(metadataurl) &&
+										!providersinuse.containsKey(metadataurl) ) {
+									//PVP2 OA is new, add it to MOAMetadataProvider
+									String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
+									if (MiscUtil.isNotEmpty(certBase64)) {
+										byte[] cert = Base64Utils.decode(certBase64, false);
+										String oaFriendlyName = oaParam.getFriendlyName();
+									
+									
+										Logger.info("Loading metadata for: " + oaFriendlyName);
+										httpProvider = createNewHTTPMetaDataProvider(
+												metadataurl, 
+												cert,
+												oaFriendlyName,
+												buildMetadataFilterChain(oaParam, metadataurl, 
+														cert));
 							
-							if (httpProvider != null)
-								providersinuse.put(metadataurl, httpProvider);
+										if (httpProvider != null)
+											providersinuse.put(metadataurl, httpProvider);
+									}
 						
-						}
-					}
-				} catch (Throwable e) {
-					Logger.error(
+								}
+							}
+						} catch (Throwable e) {
+							Logger.error(
 							"Failed to add Metadata (unhandled reason: "
 									+ e.getMessage(), e);
 					
-					if (httpProvider != null) {
-						Logger.debug("Destroy failed Metadata provider");
-						httpProvider.destroy();
-					}
+							if (httpProvider != null) {
+								Logger.debug("Destroy failed Metadata provider");
+								httpProvider.destroy();
+							}
 					
-				}	
+						}	
+					}
+				}
 			}
 			
 			//remove all actually loaded MetadataProviders with are not in ConfigurationDB any more
@@ -261,77 +340,90 @@ public class MOAMetadataProvider implements MetadataProvider {
 		Logger.info("Loading metadata");
 		
 		Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
-		
-		List<OnlineApplication> oaList = ConfigurationDBRead
-				.getAllActiveOnlineApplications();
-		
-		if (oaList.size() == 0)
-			Logger.info("No Online-Application configuration found. PVP 2.1 metadata provider initialization failed!");
-		
-		Iterator<OnlineApplication> oaIt = oaList.iterator();
-		while (oaIt.hasNext()) {
-			HTTPMetadataProvider httpProvider = null;
+		try {
+			Map<String, String> allOAs = AuthConfigurationProviderFactory.getInstance().getConfigurationWithWildCard(
+					MOAIDConfigurationConstants.PREFIX_SERVICES 
+					+ ".%." 
+					+ MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
 			
-			try {
-				OnlineApplication oa = oaIt.next();
-				Logger.info("Loading metadata for: " + oa.getFriendlyName());
-				OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2();
-				if (pvp2Config != null && MiscUtil.isNotEmpty(pvp2Config.getMetadataURL())) {
-					String metadataURL = pvp2Config.getMetadataURL();
+			if (allOAs != null) {
+				Iterator<Entry<String, String>> oaInterator = allOAs.entrySet().iterator();
+				while (oaInterator.hasNext()) {
+					Entry<String, String> oaKeyPair = oaInterator.next();
 					
-					if (!providersinuse.containsKey(metadataURL)) {
-					
-						httpProvider = createNewHTTPMetaDataProvider(
-								metadataURL, 
-								pvp2Config.getCertificate(),
-								oa.getFriendlyName(),
-								buildMetadataFilterChain(oa, metadataURL, 
-										pvp2Config.getCertificate()));
-					
-						if (httpProvider != null)
-							providersinuse.put(metadataURL, httpProvider);
+					OAAuthParameter oaParam = 
+							AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaKeyPair.getValue());
+					if (oaParam != null) {
+						String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
+						String oaFriendlyName = oaParam.getFriendlyName();
+						HTTPMetadataProvider httpProvider = null;
+				
+						try {
+							String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
+							if (MiscUtil.isNotEmpty(certBase64) || MiscUtil.isNotEmpty(metadataurl)) {
+								byte[] cert = Base64Utils.decode(certBase64, false);
+								
+								
+								Logger.info("Loading metadata for: " + oaFriendlyName);					
+								if (!providersinuse.containsKey(metadataurl)) {					
+									httpProvider = createNewHTTPMetaDataProvider(
+											metadataurl, 
+											cert,
+											oaFriendlyName,
+											buildMetadataFilterChain(oaParam, metadataurl, 
+													cert));
 						
-					} else {
-						Logger.info(metadataURL + " are already added.");
-					}
+									if (httpProvider != null)
+										providersinuse.put(metadataurl, httpProvider);
+							
+								} else {
+									Logger.info(metadataurl + " are already added.");
+								}
+						
+							} else {
+								Logger.info(oaFriendlyName
+										+ " is not a PVP2 Application skipping");
+							}
+						} catch (Throwable e) {
+							Logger.error(
+									"Failed to add Metadata (unhandled reason: "
+											+ e.getMessage(), e);
 					
-				} else {
-					Logger.info(oa.getFriendlyName()
-							+ " is not a PVP2 Application skipping");
+							if (httpProvider != null) {
+								Logger.debug("Destroy failed Metadata provider");
+								httpProvider.destroy();
+							}
+						}			
+					}
 				}
-			} catch (Throwable e) {
+				
+			} else 
+				Logger.info("No Online-Application configuration found. PVP 2.1 metadata provider initialization failed!");
+					
+			try {
+				chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values()));
+				
+			} catch (MetadataProviderException e) {
 				Logger.error(
 						"Failed to add Metadata (unhandled reason: "
 								+ e.getMessage(), e);
-				
-				if (httpProvider != null) {
-					Logger.debug("Destroy failed Metadata provider");
-					httpProvider.destroy();
-				}
-			}			
-		}
-		
-		
-		try {
-			chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values()));
+			}
+			
+		} catch (ConfigurationException e) {
+			Logger.error("Access MOA-ID configuration FAILED.", e);
 			
-		} catch (MetadataProviderException e) {
-			Logger.error(
-					"Failed to add Metadata (unhandled reason: "
-							+ e.getMessage(), e);
 		}
 		
 		internalProvider = chainProvider;
-		timestamp = new Date();
 	}
 	
-	private MetadataFilterChain buildMetadataFilterChain(OnlineApplication oa, String metadataURL, byte[] certificate) throws CertificateException {
+	private MetadataFilterChain buildMetadataFilterChain(OAAuthParameter oaParam, String metadataURL, byte[] certificate) throws CertificateException {
 		MetadataFilterChain filterChain = new MetadataFilterChain(metadataURL, certificate);
 		filterChain.getFilters().add(new SchemaValidationFilter());
 		
-		if (oa.isIsInterfederationIDP() != null && oa.isIsInterfederationIDP()) {
+		if (oaParam.isInderfederationIDP()) {
 			Logger.info("Online-Application is an interfederated IDP. Add addional Metadata policies");
-			filterChain.getFilters().add(new InterfederatedIDPPublicServiceFilter(metadataURL, oa.getType()));
+			filterChain.getFilters().add(new InterfederatedIDPPublicServiceFilter(metadataURL, oaParam.getBusinessService()));
 			
 		}
 		
@@ -352,7 +444,7 @@ public class MOAMetadataProvider implements MetadataProvider {
 							AuthConfigurationProviderFactory.getInstance().getCertstoreDirectory(), 
 							AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(),
 							null,
-							ChainingModeType.fromValue(AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode()), 
+							AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
 							AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking());
 					
 					httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2015-07-02 07:26:30 +0200
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2015-07-02 07:26:30 +0200
commit	5bc01dab26425144a41dbece04b642fb963e1315 (patch)
tree	543fe5f7b8d576c7e85ba711c1f9bf03d3dc699f /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
parent	06e63a4fb89dd92583fc3e72e12750becdd6c8ef (diff)
download	moa-id-spss-5bc01dab26425144a41dbece04b642fb963e1315.tar.gz moa-id-spss-5bc01dab26425144a41dbece04b642fb963e1315.tar.bz2 moa-id-spss-5bc01dab26425144a41dbece04b642fb963e1315.zip