refactor PVP2 S-Profile implementation and perform first tests

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2018-06-20 15:11:13 +0200
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2018-06-20 15:11:13 +0200
commit: 139926faa31ae3ed34dc0083fee503d439112281 (patch)
tree: bf69a673df4a222653b47c0b8da88588065e2271 /id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
parent: 1f8f686bee862ae95e32fc79664d82dcc21f708f (diff)
download: moa-id-spss-139926faa31ae3ed34dc0083fee503d439112281.tar.gz
moa-id-spss-139926faa31ae3ed34dc0083fee503d439112281.tar.bz2
moa-id-spss-139926faa31ae3ed34dc0083fee503d439112281.zip
1 files changed, 76 insertions, 35 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index 94cd04ca7..aca818532 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -1,5 +1,6 @@
 package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
 
+import java.net.MalformedURLException;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.HashMap;
@@ -11,6 +12,9 @@ import java.util.Timer;
 
 import javax.xml.namespace.QName;
 
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.MOAHttpClient;
+import org.apache.commons.httpclient.params.HttpClientParams;
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.RoleDescriptor;
@@ -22,45 +26,39 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
 import org.opensaml.xml.XMLObject;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.auth.IDestroyableObject;
-import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
-import at.gv.egovernment.moa.id.auth.IPostStartupInitializable;
+import at.gv.egiz.eaaf.core.api.IDestroyableObject;
+import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
+import at.gv.egiz.eaaf.core.api.IPostStartupInitializable;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
-import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.engine.AbstractProtocolEngine;
 
 @Service("eIDASMetadataProvider")
-public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider implements ObservableMetadataProvider, 
-	IGarbageCollectorProcessing, IDestroyableObject, IMOARefreshableMetadataProvider, IPostStartupInitializable{
+public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider implements ObservableMetadataProvider, 
+	IGarbageCollectorProcessing, IDestroyableObject, IRefreshableMetadataProvider, IPostStartupInitializable{
 
-	private Timer timer = null;
+	@Autowired(required=true) IConfiguration basicConfig;
+	
+	private Timer timer = null; 
 	
 	private MetadataProvider internalProvider;
 	private Map<String, Date> lastAccess = null;
 	
-	
-//	public static MOAeIDASChainingMetadataProvider getInstance() {
-//		if (instance == null) {
-//			synchronized (mutex) {
-//				if (instance == null) {
-//					instance = new MOAeIDASChainingMetadataProvider();
-//					MOAGarbageCollector.addModulForGarbageCollection(instance);
-//				}
-//			}
-//		}
-//		return instance;
-//	}
-	
-	
 	public MOAeIDASChainingMetadataProvider() {
 		internalProvider = new ChainingMetadataProvider();
 		lastAccess = new HashMap<String, Date>();
@@ -83,18 +81,25 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider
 	}
 	
 	protected void initializeEidasMetadataFromFileSystem() throws ConfigurationException {
-		Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX);
-		if (!metadataToLoad.isEmpty()) {
-			Logger.info("Load static configurated eIDAS metadata ... ");			
-			for (String metaatalocation : metadataToLoad.values()) {
-				String absMetadataLocation = FileUtils.makeAbsoluteURL(metaatalocation, authConfig.getRootConfigFileDir());				
-				Logger.info("  Load eIDAS metadata from: " + absMetadataLocation);
-				refreshMetadataProvider(absMetadataLocation);
+		try {
+			Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX);
+			if (!metadataToLoad.isEmpty()) {
+				Logger.info("Load static configurated eIDAS metadata ... ");			
+				for (String metaatalocation : metadataToLoad.values()) {
+					String absMetadataLocation = FileUtils.makeAbsoluteURL(metaatalocation, authConfig.getConfigurationRootDirectory());				
+					Logger.info("  Load eIDAS metadata from: " + absMetadataLocation);
+					refreshMetadataProvider(absMetadataLocation);
 				
+				}
+			
+				Logger.info("Load static configurated eIDAS metadata finished ");
 			}
 			
-			Logger.info("Load static configurated eIDAS metadata finished ");
-		}		
+		} catch (MalformedURLException e) {
+			Logger.warn("MOA-ID configuration error." , e);
+			throw new ConfigurationException("MOA-ID configuration error.", null, e);
+			
+		}
 	}
 	
 	
@@ -238,9 +243,10 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider
 		filter.addFilter(new MOASPMetadataSignatureFilter(
 				authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE)));
 		
-		return createNewMoaMetadataProvider(metadataURL, filter, 
+		return createNewSimpleMetadataProvider(metadataURL, filter, 
 					"eIDAS metadata-provider", 
-					timer, AbstractProtocolEngine.getSecuredParserPool());
+					timer, AbstractProtocolEngine.getSecuredParserPool(),
+					createHttpClient(metadataURL));
 			
 	}
 
@@ -421,5 +427,40 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider
 			if (observer != null)
 				observer.onEvent(this);
 	}
+	
+	private HttpClient createHttpClient(String metadataURL) {					
+		MOAHttpClient httpClient = new MOAHttpClient();		
+		HttpClientParams httpClientParams = new HttpClientParams();
+		httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
+		httpClient.setParams(httpClientParams);
+		
+		if (metadataURL.startsWith("https:")) {
+			try {
+				if (basicConfig instanceof AuthConfiguration) {
+					AuthConfiguration moaAuthConfig = (AuthConfiguration) basicConfig;
+					//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
+					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+							PVPConstants.SSLSOCKETFACTORYNAME, 
+							moaAuthConfig.getTrustedCACertificates(),
+							null,
+							AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
+							moaAuthConfig.isTrustmanagerrevoationchecking(),
+							moaAuthConfig.getRevocationMethodOrder(),
+							moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+									AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
+				
+					httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+					
+				}
+
+			} catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) {
+				Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
+				
+			}
+		}
+		
+		return httpClient;
+				
+	}
 
 }
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2018-06-20 15:11:13 +0200
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2018-06-20 15:11:13 +0200
commit	139926faa31ae3ed34dc0083fee503d439112281 (patch)
tree	bf69a673df4a222653b47c0b8da88588065e2271 /id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
parent	1f8f686bee862ae95e32fc79664d82dcc21f708f (diff)
download	moa-id-spss-139926faa31ae3ed34dc0083fee503d439112281.tar.gz moa-id-spss-139926faa31ae3ed34dc0083fee503d439112281.tar.bz2 moa-id-spss-139926faa31ae3ed34dc0083fee503d439112281.zip