authorThomas Lenz <tlenz@iaik.tugraz.at>2013-09-23 14:13:58 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2013-09-23 14:13:58 +0200
commit816bd3d051a7c8fc7aba535361550d62fb5af2cc (patch)
tree00f3282d786797a566850af085b2749b0b69d1a1 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
parent1984a9914bb024bdd7b486ec6dd6ba4144c0c70b (diff)
ReImplement MOAMetadataProvider to add and remove HTTPMetadataProvider dynamically from configuration database.
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java245
1 files changed, 211 insertions, 34 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index a61633e12..107ee22ee 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -1,11 +1,13 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
-import iaik.util.logging.Log;
-
import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.Collection;
import java.util.Date;
+import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
+import java.util.Map;
import java.util.Timer;
import javax.xml.namespace.QName;
@@ -34,8 +36,7 @@ public class MOAMetadataProvider implements MetadataProvider {
private static MOAMetadataProvider instance = null;
private static Object mutex = new Object();
- private static Date timestamp;
-
+ private static Date timestamp = null;
public static MOAMetadataProvider getInstance() {
if (instance == null) {
@@ -52,18 +53,162 @@ public class MOAMetadataProvider implements MetadataProvider {
return timestamp;
}
- public void reInitialize() {
+ public static void reInitialize() {
synchronized (mutex) {
- Log.info("ReInitalize MOAMetaDataProvider.");
- instance = new MOAMetadataProvider();
+
+ /**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
+ if (instance != null)
+ instance.addAndRemoveMetadataProvider();
+
+ else
+ Logger.info("MOAMetadataProvider is not loaded.");
+ }
+ }
+
+ public static void destroy() {
+ if (instance != null) {
+ instance.internalDestroy();
+
+ } else {
+ Logger.info("MOAMetadataProvider is not loaded. Accordingly it can not be destroyed");
}
}
MetadataProvider internalProvider;
+
+ private void addAndRemoveMetadataProvider() {
+ if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
+ Logger.info("Relaod MOAMetaDataProvider.");
+
+ /*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
+ *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
+ Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
+
+ Map<String, HTTPMetadataProvider> loadedproviders = new HashMap<String, HTTPMetadataProvider>();
+ ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+
+ //make a Map of all actually loaded HTTPMetadataProvider
+ List<MetadataProvider> providers = chainProvider.getProviders();
+ for (MetadataProvider provider : providers) {
+ if (provider instanceof HTTPMetadataProvider) {
+ HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
+ loadedproviders.put(httpprovider.getMetadataURI(), httpprovider);
+ }
+ }
+
+ //load all PVP2 OAs form ConfigurationDatabase and
+ //compare actually loaded Providers with configured PVP2 OAs
+ List<OnlineApplication> oaList = ConfigurationDBRead
+ .getAllActiveOnlineApplications();
+
+ //set Timestamp
+ timestamp = new Date();
+
+ Iterator<OnlineApplication> oaIt = oaList.iterator();
+ while (oaIt.hasNext()) {
+ try {
+ OnlineApplication oa = oaIt.next();
+ OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2();
+ if (pvp2Config != null && MiscUtil.isNotEmpty(pvp2Config.getMetadataURL())) {
+
+ String metadataurl = pvp2Config.getMetadataURL();
+
+ if (loadedproviders.containsKey(metadataurl)) {
+ //PVP2 OA is actually loaded, to nothing
+ providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
+ loadedproviders.remove(metadataurl);
+
+
+ } else if ( MiscUtil.isNotEmpty(metadataurl) &&
+ !providersinuse.containsKey(metadataurl) ) {
+ //PVP2 OA is new, add it to MOAMetadataProvider
+ Logger.info("Loading metadata for: " + oa.getFriendlyName());
+ HTTPMetadataProvider httpProvider = createNewHTTPMetaDataProvider(
+ pvp2Config.getMetadataURL(),
+ pvp2Config.getCertificate(),
+ oa.getFriendlyName());
+
+ if (httpProvider != null)
+ providersinuse.put(metadataurl, httpProvider);
+
+ }
+ }
+ } catch (Throwable e) {
+ Logger.error(
+ "Failed to add Metadata (unhandled reason: "
+ + e.getMessage(), e);
+ }
+ }
+
+ //remove all actually loaded MetadataProviders with are not in ConfigurationDB any more
+ Collection<HTTPMetadataProvider> notusedproviders = loadedproviders.values();
+ for (HTTPMetadataProvider provider : notusedproviders) {
+ String metadataurl = provider.getMetadataURI();
+
+ try {
+
+ provider.destroy();
+
+ /*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
+ *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
+ //chainProvider.removeMetadataProvider(provider);
+
+ Logger.info("Remove not used MetadataProvider with MetadataURL " + metadataurl);
+
+ } catch (Throwable e) {
+ Logger.error("HTTPMetadataProvider with URL " + metadataurl
+ + " can not be removed from the list of actually loaded Providers.", e);
+
+ }
+
+ }
+
+ try {
+ chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values()));
+
+ } catch (MetadataProviderException e) {
+ Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy", e);
+
+ }
+
+
+
+ } else {
+ Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
+ }
+
+ }
+
+
+ public void internalDestroy() {
+ if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
+ Logger.info("Destrorying MOAMetaDataProvider.");
+ ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+
+ List<MetadataProvider> providers = chainProvider.getProviders();
+ for (MetadataProvider provider : providers) {
+ if (provider instanceof HTTPMetadataProvider) {
+ HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
+ Logger.debug("Destroy HTTPMetadataProvider +" + httpprovider.getMetadataURI());
+ httpprovider.destroy();
+
+ } else {
+ Logger.warn("MetadataProvider can not be destroyed.");
+ }
+ }
+ instance = null;
+ } else {
+ Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
+ }
+ }
+
private MOAMetadataProvider() {
ChainingMetadataProvider chainProvider = new ChainingMetadataProvider();
Logger.info("Loading metadata");
+
+ Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
+
List<OnlineApplication> oaList = ConfigurationDBRead
.getAllActiveOnlineApplications();
Iterator<OnlineApplication> oaIt = oaList.iterator();
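Review bot: In `addAndRemoveMetadataProvider` a running provider is reused whenever its metadata URL is still configured (`loadedproviders.containsKey(metadataurl)`), without comparing `pvp2Config.getCertificate()` with the certificate its `MetadataSignatureFilter` was built with. Replacing or withdrawing an application's metadata signing certificate in the configuration database therefore appears to have no effect until a restart, and metadata signed with the old key presumably stays accepted. The constructor, which starts at the end of this hunk and continues in the next one, keys on the URL alone in the same way, so two applications sharing a URL with different certificates silently share the first one's filter. Record the certificate used per URL and rebuild the provider when it differs, as sketched below; the constructor would need to fill the same map. Separately, `destroy()` reads and clears `instance` without taking `mutex`, so it can interleave with `reInitialize()`; wrapping its body in `synchronized (mutex)` would close that.

```java
// certificate each loaded provider's signature filter was built with, keyed by metadata URL
private final Map<String, byte[]> certificatesInUse = new HashMap<String, byte[]>();

// … unchanged: collect loadedproviders from the chain, read oaList, set timestamp …

String metadataurl = pvp2Config.getMetadataURL();
byte[] configuredCert = pvp2Config.getCertificate();
HTTPMetadataProvider loaded = loadedproviders.get(metadataurl);

if (loaded != null
        && Arrays.equals(certificatesInUse.get(metadataurl), configuredCert)) {
    // URL and pinned certificate unchanged: keep the running provider
    providersinuse.put(metadataurl, loaded);
    loadedproviders.remove(metadataurl);

} else if (!providersinuse.containsKey(metadataurl)) {
    // new application, or its pinned certificate changed: build a fresh provider;
    // a stale one left in loadedproviders is destroyed by the removal loop below
    Logger.info("Loading metadata for: " + oa.getFriendlyName());
    HTTPMetadataProvider httpProvider = createNewHTTPMetaDataProvider(
            metadataurl, configuredCert, oa.getFriendlyName());

    if (httpProvider != null) {
        providersinuse.put(metadataurl, httpProvider);
        certificatesInUse.put(metadataurl, configuredCert);
    }
}

// … unchanged: destroy providers left in loadedproviders, chainProvider.setProviders(...) …
```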
@@ -73,35 +218,22 @@ public class MOAMetadataProvider implements MetadataProvider {
Logger.info("Loading metadata for: " + oa.getFriendlyName());
OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2();
if (pvp2Config != null && MiscUtil.isNotEmpty(pvp2Config.getMetadataURL())) {
-// if (pvp2Config != null) {
String metadataURL = pvp2Config.getMetadataURL();
- try {
- // TODO: use proper SSL checking
- HTTPMetadataProvider httpProvider =
- new HTTPMetadataProvider(new Timer(), new HttpClient(),
- metadataURL);
- httpProvider.setParserPool(new BasicParserPool());
- httpProvider.setRequireValidMetadata(true);
- httpProvider.setMinRefreshDelay(1000*60*5); //5min
- httpProvider.setMaxRefreshDelay(1000*60*30); //30min
- //httpProvider.setRefreshDelayFactor(0.1F);
- MetadataFilter filter = new MetadataSignatureFilter(
- metadataURL, pvp2Config.getCertificate());
- httpProvider.setMetadataFilter(filter);
- chainProvider.addMetadataProvider(httpProvider);
- httpProvider.initialize();
-
- } catch (MetadataProviderException e) {
- Logger.error(
- "Failed to add Metadata file for "
- + oa.getFriendlyName() + "[ "
- + e.getMessage() + " ]", e);
- } catch (CertificateException e) {
- Logger.error(
- "Failed to add Metadata file for "
- + oa.getFriendlyName() + "[ "
- + e.getMessage() + " ]", e);
+
+ if (!providersinuse.containsKey(metadataURL)) {
+
+ HTTPMetadataProvider httpProvider = createNewHTTPMetaDataProvider(
+ metadataURL,
+ pvp2Config.getCertificate(),
+ oa.getFriendlyName());
+
+ if (httpProvider != null)
+ providersinuse.put(metadataURL, httpProvider);
+
+ } else {
+ Logger.info(metadataURL + " are already added.");
}
+
} else {
Logger.info(oa.getFriendlyName()
+ " is not a PVP2 Application skipping");
@@ -113,10 +245,55 @@ public class MOAMetadataProvider implements MetadataProvider {
}
}
+
+ try {
+ chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values()));
+
+ } catch (MetadataProviderException e) {
+ Logger.error(
+ "Failed to add Metadata (unhandled reason: "
+ + e.getMessage(), e);
+ }
+
internalProvider = chainProvider;
timestamp = new Date();
}
+ private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate, String oaName) {
+ try {
+ HTTPMetadataProvider httpProvider = new HTTPMetadataProvider(new Timer(), new HttpClient(),
+ metadataURL);
+ httpProvider.setParserPool(new BasicParserPool());
+ httpProvider.setRequireValidMetadata(true);
+ httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
+ httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
+ //httpProvider.setRefreshDelayFactor(0.1F);
+
+ // TODO: use proper SSL checking
+
+ MetadataFilter filter = new MetadataSignatureFilter(
+ metadataURL, certificate);
+ httpProvider.setMetadataFilter(filter);
+ httpProvider.initialize();
+
+ return httpProvider;
+
+
+ } catch (MetadataProviderException e) {
+ Logger.error(
+ "Failed to add Metadata file for "
+ + oaName + "[ "
+ + e.getMessage() + " ]", e);
+ } catch (CertificateException e) {
+ Logger.error(
+ "Failed to add Metadata file for "
+ + oaName + "[ "
+ + e.getMessage() + " ]", e);
+ }
+
+ return null;
+ }
+
public boolean requireValidMetadata() {
return internalProvider.requireValidMetadata();
}
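Review bot: `createNewHTTPMetaDataProvider` still fetches with a default `new HttpClient()` and carries `// TODO: use proper SSL checking` forward, so the signature filter is the only visible control over what the metadata endpoint returns, and no connect or read timeout is set in this hunk. The same hunk raises the maximum refresh delay from 30 minutes to 24 hours, which lengthens the time a key withdrawn from an application's metadata can remain trusted; a comment such as `// max 24 h between refreshes; keys withdrawn from OA metadata may stay trusted this long` would make that trade-off explicit. When `initialize()` throws, the provider and its `new Timer()` are dropped without `httpProvider.destroy()`, which may leave a timer thread behind on every failed reload attempt. Declaring `httpProvider` before the `try` and destroying it in both catch paths would avoid that.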