authorThomas Lenz <tlenz@iaik.tugraz.at>2016-10-21 10:28:22 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-10-21 10:28:22 +0200
commiteb283ed27fce8769886fd124ef1e7938f206d1f3 (patch)
tree7960a0038cf4675f27e6ac6f43e417e7d8b6799f /id/server/modules/moa-id-module-elga_mandate_service
parent121e70662f53fe0820823a23784794021fbc7920 (diff)
add functionality to support more than one ELGA mandate-service
Diffstat (limited to 'id/server/modules/moa-id-module-elga_mandate_service')
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java25
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java179
2 files changed, 140 insertions, 64 deletions
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
index fd918c7f4..d65d74c3f 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
@@ -23,6 +23,7 @@
package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks;
import java.security.NoSuchAlgorithmException;
+import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -45,6 +46,8 @@ import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServi
import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder;
@@ -71,9 +74,22 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
throws TaskExecutionException {
try{
- // get IDP entityID
- String elgaMandateServiceEntityID = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID);
-
+ // get IDP entityID from Online Application configuration
+ String elgaMandateServiceEntityID = pendingReq.getOnlineApplicationConfiguration().getConfigurationValue(ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID);
+
+ // use first ELGA Mandate-Service from general MOA-ID configuration, of no OA specific exists
+ if (MiscUtil.isEmpty(elgaMandateServiceEntityID)) {
+ Logger.info("No Online-Application specific ELGA Mandate-Service found. Use first entry in general MOA-ID configuration");
+ List<String> configuratedEntityIDs = KeyValueUtils.getListOfCSVValues(
+ authConfig.getConfigurationWithKey(
+ MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL + "."
+ + ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID));
+
+ if (configuratedEntityIDs.size() > 0)
+ elgaMandateServiceEntityID = configuratedEntityIDs.get(0);
+
+ }
+
if (MiscUtil.isEmpty(elgaMandateServiceEntityID)) {
Logger.info("Connect ELGA Mandate-Service FAILED -> not EntityID found!");
throw new TaskExecutionException(pendingReq, "Connect ELGA Mandate-Service FAILED",
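Review bot: `configuratedEntityIDs.size() > 0` at L57 dereferences the list without a null check, so if `KeyValueUtils.getListOfCSVValues` (not visible here) returns null when the general configuration key is unset, the fallback throws a NullPointerException instead of reaching the `isEmpty` guard at L62; `if (configuratedEntityIDs != null && !configuratedEntityIDs.isEmpty())` covers both representations. The OA-specific entityID from L47 is used as-is and is not checked against the generally configured list, which later drives which metadata is fetched; that is acceptable only if OA configuration is administered with the same trust as the general configuration, so a comment stating that assumption would help. The comment at L49 has a typo: `// use first ELGA Mandate-Service from general MOA-ID configuration, if no OA specific exists`. execute() continues outside the hunk.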
@@ -88,7 +104,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
Logger.warn("Use not recommended metadata-provider initialization!"
+ " SAML2 'Well-Known-Location' is the preferred methode.");
Logger.info("Initialize ELGA Mandate-Service metadata-provider with URL:" + metadataURL);
- metadataService.initialize(metadataURL);
+ metadataService.addMetadataWithMetadataURL(metadataURL);
}
@@ -189,6 +205,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response);
//write revisions log entry
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_SERVICE_ENTITYID, elgaMandateServiceEntityID);
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_SERVICE_REQUESTED, moasession.getMandateReferenceValue());
} catch (MetadataProviderException e) {
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
index 36cd2c7e7..4f30509fb 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
@@ -23,14 +23,17 @@
package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils;
import java.util.List;
+import java.util.Timer;
import javax.xml.namespace.QName;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.XMLObject;
import org.springframework.beans.factory.annotation.Autowired;
@@ -57,23 +60,22 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
@Autowired AuthConfiguration authConfig;
- private HTTPMetadataProvider metadataProvider = null;
-
+ private ChainingMetadataProvider metadataProvider = new ChainingMetadataProvider();
+ private Timer timer = null;
- public void initialize(String metadataURL) throws MetadataProviderException {
- if (metadataProvider == null) {
- internalInitialize(metadataURL);
-
- } else {
- Logger.info("ELGA Mandate-Service metadata-provider is already initialized.");
-
- }
+
+ public ELGAMandateServiceMetadataProvider() {
+ metadataProvider.setRequireValidMetadata(true);
}
+
+ public void addMetadataWithMetadataURL(String metadataURL) throws MetadataProviderException {
+ internalInitialize(metadataURL);
+
+ }
public void destroy() {
- if (metadataProvider != null)
- metadataProvider.destroy();
+ fullyDestroy();
}
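Review bot: `metadataProvider` at L101 is initialized inline and never reassigned in this commit, so declaring it `private final ChainingMetadataProvider metadataProvider = new ChainingMetadataProvider();` makes the always-non-null invariant that the removed null checks in the later hunks rely on explicit. `addMetadataWithMetadataURL` at L116 is a new public entry point without Javadoc; a one-liner such as `/** Registers the metadata document at {@code metadataURL} in the chaining provider, or refreshes it if a provider for that URL already exists. */` would state the contract the rename implies. `timer` at L102 is written under the `synchronized` internalInitialize but read in the destroy path without synchronization (L341); harmless if destroy only runs at shutdown, otherwise mark it `volatile`.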
@@ -84,38 +86,26 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
*/
@Override
public boolean requireValidMetadata() {
- if (metadataProvider == null) {
- Logger.fatal("ELGA Mandate-Service metadata-provider is not initialized");
- return false;
-
- } else
return metadataProvider.requireValidMetadata();
+
}
/* (non-Javadoc)
* @see org.opensaml.saml2.metadata.provider.MetadataProvider#setRequireValidMetadata(boolean)
*/
@Override
- public void setRequireValidMetadata(boolean requireValidMetadata) {
- if (metadataProvider == null) {
- Logger.fatal("ELGA Mandate-Service metadata-provider is not initialized");
-
- } else
- metadataProvider.setRequireValidMetadata(requireValidMetadata);;
-
+ public void setRequireValidMetadata(boolean requireValidMetadata) {
+ metadataProvider.setRequireValidMetadata(requireValidMetadata);
+
}
/* (non-Javadoc)
* @see org.opensaml.saml2.metadata.provider.MetadataProvider#getMetadataFilter()
*/
@Override
- public MetadataFilter getMetadataFilter() {
- if (metadataProvider == null) {
- Logger.fatal("ELGA Mandate-Service metadata-provider is not initialized");
- return null;
-
- } else
+ public MetadataFilter getMetadataFilter() {
return metadataProvider.getMetadataFilter();
+
}
/* (non-Javadoc)
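Review bot: `getMetadataFilter()` at L162-L163 now delegates to the ChainingMetadataProvider, which in OpenSAML 2 does not carry a filter of its own (the schema and signature filter chain is attached per HTTPMetadataProvider in internalInitialize, L305-L310), so this getter presumably returns null for the chain; any caller that uses it to inspect or tighten the signature filter would have to iterate `metadataProvider.getProviders()` instead. A short comment on the override would save the next reader that surprise: `// filters are attached to the individual HTTPMetadataProviders, not to the chain`. The blank lines left before the closing braces at L135, L150 and L164 are residue of the removed branches.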
@@ -131,14 +121,9 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
* @see org.opensaml.saml2.metadata.provider.MetadataProvider#getMetadata()
*/
@Override
- public XMLObject getMetadata() throws MetadataProviderException {
- if (metadataProvider == null) {
- Logger.error("ELGA Mandate-Service metadata-provider is not initialized");
- throw new MetadataProviderException("ELGA Mandate-Service metadata-provider is not initialized");
-
- }
-
+ public XMLObject getMetadata() throws MetadataProviderException {
return metadataProvider.getMetadata();
+
}
/* (non-Javadoc)
@@ -146,12 +131,8 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
*/
@Override
public EntitiesDescriptor getEntitiesDescriptor(String name) throws MetadataProviderException {
- if (metadataProvider == null) {
- Logger.fatal("ELGA Mandate-Service metadata-provider is not initialized");
- throw new MetadataProviderException("ELGA Mandate-Service metadata-provider is not initialized");
-
- } else
- return metadataProvider.getEntitiesDescriptor(name);
+ return metadataProvider.getEntitiesDescriptor(name);
+
}
/* (non-Javadoc)
@@ -159,9 +140,24 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
*/
@Override
public EntityDescriptor getEntityDescriptor(String entityID) throws MetadataProviderException {
- if (metadataProvider == null)
- internalInitialize(entityID);
-
+ try {
+ //search if metadata is already loaded
+ EntityDescriptor entityDesc = metadataProvider.getEntityDescriptor(entityID);
+
+ if (entityDesc != null)
+ return entityDesc;
+ else
+ Logger.info("No ELGA Mandate-Service: " + entityID + " Starting refresh process ...");
+
+ } catch (MetadataProviderException e) {
+ Logger.info("Access ELGA Mandate-Service: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ...");
+
+ }
+
+ //(re)initialize ELGA Mandate-Service
+ internalInitialize(entityID);
+
+ //search again after reload (re)initialization
try {
EntityDescriptor entityDesc = metadataProvider.getEntityDescriptor(entityID);
if (entityDesc == null) {
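Review bot: The look-up, reinitialize, look-up-again sequence at L204-L223 is repeated almost verbatim in both `getRole` overloads of the following hunks (L231-L248 and L258-L275), including the two log messages; extracting a private `reloadMetadata(String entityID, String reason)` that logs and calls `internalInitialize(entityID)` keeps the three paths consistent. The call `internalInitialize(entityID)` at L219 passes the entityID as the metadata URL, i.e. it silently assumes SAML2 Well-Known-Location; make that visible with `//(re)initialize ELGA Mandate-Service: entityID is used as metadata URL (SAML2 Well-Known-Location)`. Because no negative result is remembered, a persistently unknown entityID triggers an outbound metadata fetch on every call; with the entityIDs on this page coming from configuration (L47, L52) that is a misconfiguration cost rather than an exposure, but the behaviour is worth a sentence in the Javadoc. getEntityDescriptor continues outside the hunk.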
@@ -183,9 +179,24 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
*/
@Override
public List<RoleDescriptor> getRole(String entityID, QName roleName) throws MetadataProviderException {
- if (metadataProvider == null)
- internalInitialize(entityID);
+ try {
+ //search if metadata is already loaded
+ List<RoleDescriptor> role = metadataProvider.getRole(entityID, roleName);
+
+ if (role != null)
+ return role;
+ else
+ Logger.info("No ELGA Mandate-Service: " + entityID + " Starting refresh process ...");
+
+ } catch (MetadataProviderException e) {
+ Logger.info("Access ELGA Mandate-Service: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ...");
+
+ }
+
+ //(re)initialize ELGA Mandate-Service
+ internalInitialize(entityID);
+ //search again after reload (re)initialization
return metadataProvider.getRole(entityID, roleName);
}
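Review bot: The `role != null` test at L235 presumably never reaches the refresh path when the chaining provider reports an unknown entityID as an empty list rather than null (OpenSAML's ChainingMetadataProvider returns whatever the last child provider returned, which can be an empty list); in that case the method returns the empty list without ever (re)initializing. Using `if (role != null && !role.isEmpty())` makes the reload reachable for both representations, which is the point of the second lookup at L248.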
@@ -194,39 +205,84 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
*/
@Override
public RoleDescriptor getRole(String entityID, QName roleName, String supportedProtocol)
- throws MetadataProviderException {
- if (metadataProvider == null)
- internalInitialize(entityID);
+ throws MetadataProviderException {
+ try {
+ //search if metadata is already loaded
+ RoleDescriptor role = metadataProvider.getRole(entityID, roleName, supportedProtocol);
+
+ if (role != null)
+ return role;
+ else
+ Logger.info("No ELGA Mandate-Service: " + entityID + " Starting refresh process ...");
+
+ } catch (MetadataProviderException e) {
+ Logger.info("Access ELGA Mandate-Service: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ...");
+
+ }
+
+ //(re)initialize ELGA Mandate-Service
+ internalInitialize(entityID);
+ //search again after reload (re)initialization
return metadataProvider.getRole(entityID, roleName, supportedProtocol);
}
- private synchronized void internalInitialize(String metdataURL) throws MetadataProviderException {
- if (metadataProvider == null) {
- Logger.info("Initialize PVP MetadataProvider to connect ELGA Mandate-Service");
+ private synchronized void internalInitialize(String metdataURL) throws MetadataProviderException {
+
+ //check if metadata with EntityID already exists in chaining metadata provider
+ boolean addNewMetadata = true;
+ try {
+ addNewMetadata = (metadataProvider.getEntityDescriptor(metdataURL) == null);
+
+ } catch (MetadataProviderException e) {}
+
+ //switch between metadata refresh and add new metadata
+ if (addNewMetadata) {
+ //Metadata provider seems not loaded --> Add new metadata provider
+ Logger.info("Initialize PVP MetadataProvider:" + metdataURL + " to connect ELGA Mandate-Service");
String trustProfileID = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATA_TRUSTPROFILE);
if (MiscUtil.isEmpty(trustProfileID)) {
Logger.error("Create ELGA Mandate-Service Client FAILED: No trustProfileID to verify PVP metadata." );
throw new MetadataProviderException("No trustProfileID to verify PVP metadata.");
}
-
+
+ //initialize Timer if it is null
+ if (timer == null)
+ timer = new Timer(true);
+
//create metadata validation filter chain
MetadataFilterChain filter = new MetadataFilterChain();
filter.addFilter(new SchemaValidationFilter(true));
filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID));
- metadataProvider = createNewHTTPMetaDataProvider(metdataURL,
+ HTTPMetadataProvider idpMetadataProvider = createNewHTTPMetaDataProvider(metdataURL,
filter,
- ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING);
+ ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
+ timer);
- if (metadataProvider == null) {
+ if (idpMetadataProvider == null) {
Logger.error("Create ELGA Mandate-Service Client FAILED.");
- throw new MetadataProviderException("Can not initialize ELGA Mandate-Service metadaa provider.");
+ throw new MetadataProviderException("Can not initialize ELGA Mandate-Service metadata provider.");
}
- metadataProvider.setRequireValidMetadata(true);
+ idpMetadataProvider.setRequireValidMetadata(true);
+ metadataProvider.addMetadataProvider(idpMetadataProvider);
+
+ } else {
+ //Metadata provider seems already loaded --> start refresh process
+ List<MetadataProvider> loadedProvider = metadataProvider.getProviders();
+ for (MetadataProvider el : loadedProvider) {
+ if (el instanceof HTTPMetadataProvider) {
+ HTTPMetadataProvider prov = (HTTPMetadataProvider)el;
+ if (prov.getMetadataURI().equals(metdataURL))
+ prov.refresh();
+
+ } else
+ Logger.warn("ELGA Metadata provider is not of Type 'HTTPMetadataProvider'! Something is suspect!!!!");
+
+ }
}
}
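Review bot: The existence check at L285 looks `metdataURL` up as an entityID, so for metadata registered through `addMetadataWithMetadataURL(metadataURL)` (L70, the non-Well-Known-Location path) whose entityID is not equal to its URL the lookup returns null on every call and a new HTTPMetadataProvider, each with its own refresh task on the shared Timer, is appended to the chain on every request; the URI comparison in the else branch at L330 never runs for that path. Checking the registered providers' `getMetadataURI()` first and only then falling back to adding removes the unbounded growth, as sketched below. The empty catch at L287 should at least log at debug level so a failing lookup is visible. Either way the `else` branch's warning at L334 fires once per non-HTTP provider on every refresh; it belongs outside the loop or at debug level.
```java
private synchronized void internalInitialize(String metdataURL) throws MetadataProviderException {
	//refresh if a provider for this metadata URL is already registered
	for (MetadataProvider el : metadataProvider.getProviders()) {
		if (el instanceof HTTPMetadataProvider) {
			HTTPMetadataProvider prov = (HTTPMetadataProvider) el;
			if (prov.getMetadataURI().equals(metdataURL)) {
				Logger.info("Refresh ELGA Mandate-Service metadata: " + metdataURL);
				prov.refresh();
				return;
			}

		} else
			Logger.warn("ELGA Metadata provider is not of Type 'HTTPMetadataProvider'! Something is suspect!!!!");

	}

	//entityID already known through another provider (Well-Known-Location case) --> nothing to add
	try {
		if (metadataProvider.getEntityDescriptor(metdataURL) != null)
			return;

	} catch (MetadataProviderException e) {
		Logger.debug("Lookup of " + metdataURL + " in chaining metadata provider FAILED: " + e.getMessage());

	}

	//Metadata provider not loaded --> Add new metadata provider
	Logger.info("Initialize PVP MetadataProvider:" + metdataURL + " to connect ELGA Mandate-Service");
	// … unchanged: trustProfileID check, timer creation, filter chain, createNewHTTPMetaDataProvider, addMetadataProvider …
}
```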
@@ -240,5 +296,8 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
}
+ if (timer != null)
+ timer.cancel();
+
}
}