refactor metadataprovider to Spring implementation

1 files changed, 122 insertions, 68 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 3002ca179..19adfe4c4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -44,13 +44,14 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
 import org.opensaml.xml.XMLObject;
+import org.springframework.stereotype.Service;
 
+import at.gv.egovernment.moa.id.auth.IDestroyableObject;
+import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing;
-import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
@@ -58,65 +59,85 @@ import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
+@Service("PVPMetadataProvider")
 public class MOAMetadataProvider extends SimpleMOAMetadataProvider
-	implements ObservableMetadataProvider, IGarbageCollectorProcessing, IMOARefreshableMetadataProvider {
+	implements ObservableMetadataProvider, IGarbageCollectorProcessing, 
+	IMOARefreshableMetadataProvider, IDestroyableObject {
 
-	private static MOAMetadataProvider instance = null;
+	//private static final int METADATA_GARBAGE_TIMEOUT_SEC = 604800;  //7 days   
+	
+//	private static MOAMetadataProvider instance = null;
+	MetadataProvider internalProvider = null;
 	private static Object mutex = new Object();
+	//private Map<String, Date> lastAccess = null;
 	
 	
-	public static MOAMetadataProvider getInstance() {
-		if (instance == null) {
-			synchronized (mutex) {
-				if (instance == null) {
-					instance = new MOAMetadataProvider();
-					
-					//add this to MOA garbage collector
-					MOAGarbageCollector.addModulForGarbageCollection(instance);
-										
-				}
-			}
-		}
-		return instance;
+	public MOAMetadataProvider() {
+		internalProvider = new ChainingMetadataProvider();	
+		//lastAccess = new HashMap<String, Date>();
+		
 	}
 	
+//	public static MOAMetadataProvider getInstance() {
+//		if (instance == null) {
+//			synchronized (mutex) {
+//				if (instance == null) {
+//					instance = new MOAMetadataProvider();
+//					
+//					//add this to MOA garbage collector
+//					MOAGarbageCollector.addModulForGarbageCollection(instance);
+//										
+//				}
+//			}
+//		}
+//		return instance;
+//	}
+	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector()
 	 */
 	@Override
 	public void runGarbageCollector() {
-		reInitialize();
-		
-	}
-	
-	private static void reInitialize() {
 		synchronized (mutex) {
 			
 			/**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
-			if (instance != null)
-				try {
-					Logger.trace("Check consistence of PVP2X metadata");	
-					instance.addAndRemoveMetadataProvider();
+			try {
+				Logger.trace("Check consistence of PVP2X metadata");	
+				addAndRemoveMetadataProvider();
 					
-				} catch (ConfigurationException e) {
-					Logger.error("Access to MOA-ID configuration FAILED.", e);
+			} catch (ConfigurationException e) {
+				Logger.error("Access to MOA-ID configuration FAILED.", e);
 					
-				}
-			else
-				Logger.info("MOAMetadataProvider is not loaded.");
+			}
 		}
+		
 	}
 	
-	public static void destroy() {
-		if (instance != null) {
-			instance.internalDestroy();
+	
+//	private static void reInitialize() {
+//		synchronized (mutex) {
+//			
+//			/**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
+//			if (instance != null)
+//				try {
+//					Logger.trace("Check consistence of PVP2X metadata");	
+//					instance.addAndRemoveMetadataProvider();
+//					
+//				} catch (ConfigurationException e) {
+//					Logger.error("Access to MOA-ID configuration FAILED.", e);
+//					
+//				}
+//			else
+//				Logger.info("MOAMetadataProvider is not loaded.");
+//		}
+//	}
+	
+	public void fullyDestroy() {
+		internalDestroy();
 			
-		} else {
-			Logger.info("MOAMetadataProvider is not loaded. Accordingly it can not be destroyed");
-		}
 	}
 	
-	MetadataProvider internalProvider;
+
 
 	@Override
 	public boolean refreshMetadataProvider(String entityID) {
@@ -208,7 +229,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 	
 	private void addAndRemoveMetadataProvider() throws ConfigurationException {
 		if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
-			Logger.info("Relaod MOAMetaDataProvider.");
+			Logger.info("Reload MOAMetaDataProvider.");
 			
 			/*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
 			 *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/ 
@@ -217,7 +238,19 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 			
 			//get all actually loaded metadata providers
 			Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
-			
+						
+			/* TODO: maybe add metadata provider destroy after timeout.
+			 *       But could be a problem if one Metadataprovider load an EntitiesDescriptor 
+			 *       with more the multiple EntityDescriptors. If one of this EntityDesciptors 
+			 *       are expired the full EntitiesDescriptor is removed. 
+			 *       
+			 *       Timeout requires a better solution in this case! 
+			 */
+//			Date now = new Date();
+//			Date expioredate = new Date(now.getTime() - (METADATA_GARBAGE_TIMEOUT_SEC * 1000));
+//			Logger.debug("Starting PVP Metadata garbag collection (Expioredate:" 
+//					+ expioredate + ")");
+									
 			//load all PVP2 OAs form ConfigurationDatabase and 
 			//compare actually loaded Providers with configured PVP2 OAs
 			Map<String, String> allOAs = AuthConfigurationProviderFactory.getInstance().getConfigurationWithWildCard(
@@ -238,30 +271,31 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 						HTTPMetadataProvider httpProvider = null;				
 						try {
 							if (MiscUtil.isNotEmpty(metadataurl)) {						
-								if (loadedproviders.containsKey(metadataurl)) {
+								if (loadedproviders.containsKey(metadataurl)) {									
 									//	PVP2 OA is actually loaded, to nothing
 									providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
 									loadedproviders.remove(metadataurl);
 							
 							
-								} else if ( MiscUtil.isNotEmpty(metadataurl) &&
-										!providersinuse.containsKey(metadataurl) ) {
-									//PVP2 OA is new, add it to MOAMetadataProvider
-									String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
-									if (MiscUtil.isNotEmpty(certBase64)) {
-										byte[] cert = Base64Utils.decode(certBase64, false);
-										String oaFriendlyName = oaParam.getFriendlyName();
-									
-									
-										Logger.info("Loading metadata for: " + oaFriendlyName);
-										httpProvider = createNewHTTPMetaDataProvider(
-												metadataurl, 												
-												buildMetadataFilterChain(oaParam, metadataurl, cert),
-												oaFriendlyName);
-							
-										if (httpProvider != null)
-											providersinuse.put(metadataurl, httpProvider);
-									}
+									//INFO: load metadata dynamically if they are requested 
+//								} else if ( MiscUtil.isNotEmpty(metadataurl) &&
+//										!providersinuse.containsKey(metadataurl) ) {
+//									//PVP2 OA is new, add it to MOAMetadataProvider
+//									String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
+//									if (MiscUtil.isNotEmpty(certBase64)) {
+//										byte[] cert = Base64Utils.decode(certBase64, false);
+//										String oaFriendlyName = oaParam.getFriendlyName();
+//									
+//									
+//										Logger.info("Loading metadata for: " + oaFriendlyName);
+//										httpProvider = createNewHTTPMetaDataProvider(
+//												metadataurl, 												
+//												buildMetadataFilterChain(oaParam, metadataurl, cert),
+//												oaFriendlyName);
+//							
+//										if (httpProvider != null)
+//											providersinuse.put(metadataurl, httpProvider);
+//									}
 						
 								}
 							}
@@ -339,15 +373,21 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 				}
 			}
 				
-			instance = null;
+			internalProvider = new ChainingMetadataProvider();
 		} else {
 			Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
 		}
 	}
 	
-	private MOAMetadataProvider() {
+	@Deprecated
+	/**
+	 * Load all PVP metadata from OA configuration
+	 * 
+	 * This method is deprecated because OA metadata should be loaded dynamically 
+	 * if the corresponding OA is requested.
+	 */
+	private void loadAllPVPMetadataFromKonfiguration() {
 		ChainingMetadataProvider chainProvider = new ChainingMetadataProvider();
-		
 		Logger.info("Loading metadata");		
 		Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
 		try {
@@ -417,14 +457,15 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 								+ e.getMessage(), e);
 			}
 			
+			internalProvider = chainProvider;
+			
 		} catch (ConfigurationException e) {
 			Logger.error("Access MOA-ID configuration FAILED.", e);
 			
 		}
-		
-		internalProvider = chainProvider;
+				
 	}
-	
+		
 	private PVPMetadataFilterChain buildMetadataFilterChain(IOAAuthParameters oaParam, String metadataURL, byte[] certificate) throws CertificateException {
 		PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate);
 		filterChain.getFilters().add(new SchemaValidationFilter());
@@ -505,17 +546,30 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 			
 		}
 		
+//		if (entityDesc != null)
+//			lastAccess.put(entityID, new Date());
+		
 		return entityDesc;
 	}
 
 	public List<RoleDescriptor> getRole(String entityID, QName roleName)
-			throws MetadataProviderException {
-		return internalProvider.getRole(entityID, roleName);
+			throws MetadataProviderException {		
+		List<RoleDescriptor> result = internalProvider.getRole(entityID, roleName);
+		
+//		if (result != null)
+//			lastAccess.put(entityID, new Date());
+		
+		return result; 
 	}
 
 	public RoleDescriptor getRole(String entityID, QName roleName,
 			String supportedProtocol) throws MetadataProviderException {
-		return internalProvider.getRole(entityID, roleName, supportedProtocol);
+		RoleDescriptor result = internalProvider.getRole(entityID, roleName, supportedProtocol);
+		
+//		if (result != null)
+//			lastAccess.put(entityID, new Date());
+		
+		return result; 
 	}
 
 	/* (non-Javadoc)