| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-07-26 10:24:55 +0200 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-07-26 10:24:55 +0200 | 
| commit | f912da9959267d214bb10a2be8e412af731141ed (patch) | |
| tree | 48f92d85d02d7ab128d42c966129d6286e8e587c /id/server | |
| parent | 6ccca3ba6245fe4517a37382eed75ade2edbfd6a (diff) | |
| download | moa-id-spss-f912da9959267d214bb10a2be8e412af731141ed.tar.gz moa-id-spss-f912da9959267d214bb10a2be8e412af731141ed.tar.bz2 moa-id-spss-f912da9959267d214bb10a2be8e412af731141ed.zip | |
refactor MOA metadataprovider to load metadata from file system
Diffstat (limited to 'id/server')
10 files changed, 130 insertions, 9 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java
new file mode 100644
index 000000000..d918be463
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth;
+
+
+/**
+ *  
+ * @author tlenz
+ *
+ * Interface initialize a Object when the MOA-ID-Auth start-up process is fully completed
+ *
+ */
+public interface IPostStartupInitializable {
+
+	/**
+	 * This method is called once when MOA-ID-Auth start-up process is fully completed
+	 *  
+	 */
+	public void executeAfterStartup();
+
+} 
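Review bot: The interface Javadoc leaves the contract for implementers unspecified: it does not say whether `executeAfterStartup()` may throw, what a thrown exception means for MOA-ID-Auth start-up, or whether any ordering among several implementing beans can be relied on, and the first implementer in this commit loads trust material (eIDAS metadata), so fail-closed semantics matter here. I would extend the method Javadoc with: `Implementations must not swallow failures that leave the component unusable; an unchecked exception thrown here is treated as a start-up failure by the caller. No ordering between implementing beans is guaranteed.`, adjusting the first sentence to whatever the initializer actually does with an exception (its try/catch is not part of this diff). The type Javadoc `Interface initialize a Object when ...` should read `Interface for objects that must be initialized once the MOA-ID-Auth start-up process is fully completed`.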
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 65ea2fd90..3d45e2468 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -127,7 +127,7 @@ public class MOAIDAuthInitializer {
         Random.seedRandom();
         Logger.debug("Random-number generator is seeded.");
-        // Initialize configuration provider
+        // Initialize configuration provider for non-spring managed parts
         	AuthConfiguration authConf = AuthConfigurationProviderFactory.reload(rootContext);
        	//test, if MOA-ID is already configured
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index 7e0f48744..35d052acd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -235,6 +235,11 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 		return properties.getProperty(key, defaultValue);
 	}
+		
+	public Map<String, String> getBasicMOAIDConfigurationWithPrefix(final String prefix) {
+		return KeyValueUtils.getSubSetWithPrefix(KeyValueUtils.concertPropertiesToMap(properties), prefix);
+		
+	}
 	/* (non-Javadoc)
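Review bot: `getBasicMOAIDConfigurationWithPrefix` in PropertyBasedAuthConfigurationProvider implements the new interface method but carries neither `@Override` nor Javadoc, and it rebuilds a full copy of `properties` via `concertPropertiesToMap` on every call before filtering by prefix. Adding `@Override` lets the compiler catch any drift against the `AuthConfiguration` signature, and a comment such as `// copies the whole property set on each call; intended for start-up-time lookups, not the request path` tells callers what they are paying for. Whether the "never null" promise made in the interface Javadoc actually holds depends on `KeyValueUtils.getSubSetWithPrefix`, which is outside this diff; the method starts and ends inside the hunk, the class does not.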
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
index e060e18e1..6c2235654 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
@@ -39,7 +39,6 @@ import org.springframework.beans.factory.annotation.Autowired;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
 import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
@@ -177,12 +176,12 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
 					//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
 					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
 							PVPConstants.SSLSOCKETFACTORYNAME, 
-							AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(),
+							authConfig.getTrustedCACertificates(),
 							null,
 							AuthConfiguration.DEFAULT_X509_CHAININGMODE,
-							AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(),
-							AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder(),
-							AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean(
+							authConfig.isTrustmanagerrevoationchecking(),
+							authConfig.getRevocationMethodOrder(),
+							authConfig.getBasicMOAIDConfigurationBoolean(
 									AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
 					httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 1a2f0d1d3..50b2c5ece 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -53,7 +53,7 @@ auth.32=Federated authentication FAILED. No configuration for IDP {0}
 auth.33=Federated authentication FAILED. Configuration of IDP {0} does not allow inbound messages. 
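Review bot: The migrated call still passes `false` as the default for `PROP_KEY_SSL_HOSTNAME_VALIDATION` (the context line closing the constructor call), so unless an operator sets that property the TLS connection used for remote metadata download accepts any server certificate that chains to the configured trusted CAs regardless of host name, and authenticity of the fetched metadata then rests entirely on the signature filter that is presumably applied later (outside this hunk; only `SignatureValidationException` is visible here). The commit only swaps the static factory for the injected `authConfig`, but since it touches exactly these lines it is the moment to make the insecure default visible at runtime: extract the flag into a local before the constructor call and add `if (!hostnameValidation) Logger.warn("SSL hostname validation for metadata download is disabled (" + AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION + ")");`, and turn the `//FIX:` remark into a tracked item. The enclosing method starts and ends outside the hunk.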
  auth.34=Federated authentication FAILED. Configuration of IDP {0} is marked as BusinessService-IDP, but Public-Service attributes are requested.
 -init.00=MOA ID Authentisierung wurde erfolgreich gestartet
 +init.00=MOA-ID-Auth wurde erfolgreich gestartet
  init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar
  init.02=Fehler beim Starten des Service MOA-ID-Auth
  init.04=Fehler beim Datenbankzugriff mit der SessionID {0}
 diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
index 4df11b35c..07b07d980 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
@@ -47,6 +47,16 @@ public interface AuthConfiguration extends ConfigurationProvider{
 	 */
 	public String getBasicMOAIDConfiguration(final String key, final String defaultValue);
+	/**
+	 * Get a set of configuration values from basic file based MOA-ID configuration that starts with this prefix
+	 * <br><br>
+	 * <b>Important:</b> The configuration values must be of type String! 
+	 * 
+	 * @param prefix Prefix of the configuration key
+	 * @return Map<String, String> without prefix, but never null
+	 */
+	public Map<String, String> getBasicMOAIDConfigurationWithPrefix(final String prefix);
+	
 	public int getTransactionTimeOut();
 	public int getSSOCreatedTimeOut();
 	public int getSSOUpdatedTimeOut();
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
index bc567e5d2..40ef5a23a 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
@@ -29,6 +29,7 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
+import java.util.Properties;
 import java.util.Set;
 import org.apache.commons.lang3.StringUtils;
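Review bot: The new Javadoc writes `Map<String, String>` bare inside the `@return` tag, which the Javadoc tool parses as HTML elements; it should be `{@code Map<String, String>}`. The phrase `without prefix, but never null` also leaves the key form open: state whether the returned keys are the remainder after the prefix and whether a separating `.` is removed, e.g. `@return the matching entries keyed by the part of the configuration key following the prefix; an empty map when nothing matches, never null` once checked against `KeyValueUtils.getSubSetWithPrefix`, which this diff does not show. The hunk introduces a `Map` return type in AuthConfiguration.java without adding a `java.util.Map` import, which is only fine if the interface already imports it (the import section is outside the hunk).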
@@ -45,6 +46,27 @@ public class KeyValueUtils {
 	public static final String CSV_DELIMITER = ",";
 	/**
+	 * Convert Java properties into a Map<String, String>
+	 * <br><br>
+	 * <b>Important:</b> The key/values from properties must be of type String! 
+	 * 
+	 * @param properties
+	 * @return
+	 */
+	public static Map<String, String> concertPropertiesToMap(Properties properties) {
+		return new HashMap<String, String>((Map) properties);
+				
+		//INFO Java8 solution ;)
+		//		return properties.entrySet().stream().collect(
+//			    Collectors.toMap(
+//			            e -> e.getKey().toString(),
+//			            e -> e.getValue().toString()
+//			       )
+//			   );
+		
+	}
+	
+	/**
 	 * Extract the first child of an input key after a the prefix
 	 * 
 	 * @param key Full input key
diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
index 07ba6a89e..b6fd8de8e 100644
--- a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
+++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
@@ -1,5 +1,8 @@
 package at.gv.egovernment.moa.id.auth;
+import java.util.Map;
+import java.util.Map.Entry;
+
 import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRegistration;
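Review bot: `concertPropertiesToMap` copies the `Properties` through a raw `(Map)` cast, which silently drops any entries held in a `defaults` Properties instance (they are not part of `entrySet()`) and lets non-String keys or values through unchecked despite the Javadoc's "must be of type String", so the type error only surfaces later as a ClassCastException in whichever caller touches that entry. `Properties.stringPropertyNames()` together with `getProperty` enforces the String contract and walks the defaults chain, so I would build the map through them as below; the commented-out Java 8 variant should be deleted rather than kept, and the method name (`concert…`) looks like a typo for `convert…` that is now baked into a public utility API, so rename it before it gains more callers.
```java
public static Map<String, String> concertPropertiesToMap(Properties properties) {
	Map<String, String> result = new HashMap<String, String>();
	// stringPropertyNames() includes the defaults chain and skips entries whose key or value is not a String
	for (String key : properties.stringPropertyNames()) {
		result.put(key, properties.getProperty(key));
	}
	return result;
}
```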
@@ -147,8 +150,19 @@ public class MOAIDAuthSpringInitializer implements WebApplicationInitializer {
 //			servletContext.addFilter("vHost RequestFilter", new VHostUrlRewriteServletFilter(rootContext))
 //				.addMappingForUrlPatterns(null, false, "/*");
-			Logger.info("Basic Context initalisation finished --> Start MOA-ID-Auth initialisation process ...");
+			Logger.info("Basic Context initalisation finished --> Start MOA-ID-Auth initialization process ...");
 			MOAIDAuthInitializer.initialize(rootContext);
+			
+			
+			//initialize object that implements the IPostStartupInitializeable interface
+			Map<String, IPostStartupInitializable> objForInitialization = rootContext.getBeansOfType(IPostStartupInitializable.class);
+			for (Entry<String, IPostStartupInitializable> el : objForInitialization.entrySet()) {
+				Logger.debug("Starting post start-up initialization of '" + el.getKey() + "' ..." );
+				el.getValue().executeAfterStartup();
+				Logger.info("Post start-up initialization of '" + el.getKey() + "' finished." );
+				
+			}
+							
 			Logger.info(MOAIDMessageProvider.getInstance().getMessage(
 					"init.00", null));			
 			Logger.info("MOA-ID-Auth initialization finished.");
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 01b202a88..adf6c4979 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
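Review bot: An unchecked exception from any `executeAfterStartup()` call leaves the remaining post-start-up beans uninitialized, and what happens then depends on the try/catch of the enclosing `onStartup`, which begins outside this hunk; if that catch only logs, MOA-ID-Auth comes up with some modules half-initialized while `init.00` is never logged. For code that loads trust material, failing the whole start-up is the right outcome, so make it explicit either way: `try { el.getValue().executeAfterStartup(); } catch (RuntimeException e) { Logger.error("Post start-up initialization of '" + el.getKey() + "' FAILED", e); throw e; }`, or a comment at the loop stating that the exception intentionally aborts start-up. `getBeansOfType` gives no ordering guarantee, so if implementers may depend on each other the interface has to say so.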
@@ -67,6 +67,8 @@ public class Constants {
 	public static final String CONIG_PROPS_EIDAS_NODE_COUNTRY = CONIG_PROPS_EIDAS_NODE + ".country";
 	public static final String CONIG_PROPS_EIDAS_NODE_LoA = CONIG_PROPS_EIDAS_NODE + ".LoA";	
+	public static final String CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX = CONIG_PROPS_EIDAS_PREFIX + ".metadata.url";
+	
 	//timeouts and clock skews
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index a0330903b..76cc12e44 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -25,18 +25,20 @@ import org.springframework.stereotype.Service;
 import at.gv.egovernment.moa.id.auth.IDestroyableObject;
 import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
+import at.gv.egovernment.moa.id.auth.IPostStartupInitializable;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
 import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.engine.AbstractProtocolEngine;
 @Service("eIDASMetadataProvider")
 public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider implements ObservableMetadataProvider,
-	IGarbageCollectorProcessing, IDestroyableObject, IMOARefreshableMetadataProvider {
+	IGarbageCollectorProcessing, IDestroyableObject, IMOARefreshableMetadataProvider, IPostStartupInitializable{
 	private Timer timer = null;
@@ -62,6 +64,31 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider
 		lastAccess = new HashMap<String, Date>();
 	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.IPostStartupInitializable#executeAfterStartup()
+	 */
+	@Override
+	public void executeAfterStartup() {
+		initializeEidasMetadataFromFileSystem();
+		
+	}
+	
+	protected void initializeEidasMetadataFromFileSystem() {
+		Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX);
+		if (!metadataToLoad.isEmpty()) {
+			Logger.info("Load static configurated eIDAS metadata ... ");			
+			for (String metaatalocation : metadataToLoad.values()) {
+				String absMetadataLocation = FileUtils.makeAbsoluteURL(metaatalocation, authConfig.getRootConfigFileDir());				
+				Logger.info("  Load eIDAS metadata from: " + absMetadataLocation);
+				refreshMetadataProvider(absMetadataLocation);
+				
+			}
+			
+			Logger.info("Load static configurated eIDAS metadata finished ");
+		}		
+	}
+	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.IDestroyableObject#fullyDestroy()
@@ -358,4 +385,5 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider
 			if (observer != null)
 				observer.onEvent(this);
 	}
+
 } | 
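Review bot: In `initializeEidasMetadataFromFileSystem` the result of `refreshMetadataProvider(absMetadataLocation)` is discarded, so a statically configured metadata source that cannot be read, fails schema or signature validation, or simply does not exist is not reported by this loop beyond whatever the callee logs, and start-up proceeds as if the eIDAS peer had been loaded. These files are the trust anchors for federated logins, so a failed load should be at least an error-level entry and arguably a start-up failure; if `refreshMetadataProvider` returns a boolean as `IMOARefreshableMetadataProvider` suggests, `if (!refreshMetadataProvider(absMetadataLocation)) Logger.error("Static eIDAS metadata could NOT be loaded from: " + absMetadataLocation);` covers the first. `FileUtils.makeAbsoluteURL` presumably passes an already absolute `http(s)://` value through unchanged, so despite the method name nothing restricts these entries to the local file system; either document that remote URLs are accepted here (and then the hostname-validation default of the HTTP client matters) or reject non-`file:` schemes. Iteration over `metadataToLoad.values()` has no defined order, so the key suffix cannot be used to control load order. `refreshMetadataProvider` and the filter chain are outside the hunk.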
