author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-09-19 19:32:36 +0200 |
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-09-19 19:32:36 +0200 |
commit | 1984a9914bb024bdd7b486ec6dd6ba4144c0c70b (patch) | |
tree | 42481e5e1d71bf24e90a6689c359af037b1b8248 /id/server | |
parent | f52976e984450d6802067acad12a0b8143f4ce75 (diff) | |
Reload MOAMetadataProvider after config changes
Diffstat (limited to 'id/server')
3 files changed, 43 insertions, 4 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java
index 12ab3f871..92323f02b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java
@@ -1,10 +1,15 @@
 package at.gv.egovernment.moa.id.config.auth;
+import iaik.util.logging.Log;
+
 import java.util.Date;
+import org.bouncycastle.asn1.pkcs.Pfx;
+
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.logging.Logger;
@@ -20,6 +25,7 @@ public class AuthConfigLoader implements Runnable {
 Logger.info("check for new config.");
 MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
 Date dbdate = moaidconfig.getTimestampItem();
+Date pvprefresh = moaidconfig.getPvp2RefreshItem();
 ConfigurationDBUtils.closeSession();
 Date date = AuthConfigurationProvider.getTimeStamp();
@@ -28,6 +34,14 @@ public class AuthConfigLoader implements Runnable {
 AuthConfigurationProvider instance = AuthConfigurationProvider.getInstance();
 instance.reloadDataBaseConfig();
 }
+
+Date pvpdate = MOAMetadataProvider.getTimeStamp();
+if (pvprefresh != null && pvprefresh.after(pvpdate)) {
+MOAMetadataProvider metainst = MOAMetadataProvider.getInstance();
+metainst.reInitialize();
+}
+
+
 } catch (Throwable e) {
 Logger.warn("MOA-ID Configuration is actually not loadable. Reuse old configuration.", e);
 }
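Review bot: `import iaik.util.logging.Log;` and `import org.bouncycastle.asn1.pkcs.Pfx;` are added in the first hunk, but neither name is used in any visible hunk of AuthConfigLoader, which logs through `at.gv.egovernment.moa.logging.Logger`; unless they are referenced elsewhere in the file, both import lines (with their blank separators) should be dropped so the config loader does not pick up a dependency on BouncyCastle's ASN.1 classes for nothing. The `iaik.util.logging.Log` import is added again in the first hunk of MOAMetadataProvider, where it serves only the single `Log.info` call in `reInitialize()`.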
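Review bot: `pvprefresh.after(pvpdate)` in the third hunk throws a NullPointerException whenever `MOAMetadataProvider.getTimeStamp()` returns null, and it does so until the provider's constructor has run once, because `timestamp` is assigned only at the end of that constructor in the MOAMetadataProvider hunks. The exception is swallowed by the `catch (Throwable e)` that follows and logged as "MOA-ID Configuration is actually not loadable", which misreports the cause on every loader cycle until some request has called `getInstance()`. A provider that has not been built yet needs no reinitialisation, since the first `getInstance()` will construct it from the current configuration, so the guard should read `if (pvprefresh != null && pvpdate != null && pvprefresh.after(pvpdate)) {`. The method containing this hunk (presumably `run()`, as the class implements Runnable) starts and ends outside it.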
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index a92ac8e7f..a61633e12 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -1,11 +1,16 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
+import iaik.util.logging.Log;
+
 import java.security.cert.CertificateException;
+import java.util.Date;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Timer;
 import javax.xml.namespace.QName;
+import org.apache.commons.httpclient.HttpClient;
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.RoleDescriptor;
@@ -29,7 +34,9 @@ public class MOAMetadataProvider implements MetadataProvider {
 private static MOAMetadataProvider instance = null;
 private static Object mutex = new Object();
-
+private static Date timestamp;
+
+
 public static MOAMetadataProvider getInstance() {
 if (instance == null) {
 synchronized (mutex) {
@@ -41,6 +48,17 @@ public class MOAMetadataProvider implements MetadataProvider {
 return instance;
 }
+public static Date getTimeStamp() {
+return timestamp;
+}
+
+public void reInitialize() {
+synchronized (mutex) {
+Log.info("ReInitalize MOAMetaDataProvider.");
+instance = new MOAMetadataProvider();
+}
+}
+
 MetadataProvider internalProvider;
 private MOAMetadataProvider() {
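Review bot: `reInitialize()` replaces the static `instance` inside `synchronized (mutex)`, but `getInstance()` reads `instance` in its `if (instance == null)` check before taking the lock and `getTimeStamp()` reads `timestamp` with no synchronization at all; with the AuthConfigLoader thread as writer and request threads as readers, and neither field `volatile`, the Java memory model does not guarantee that the new provider or the new timestamp ever becomes visible to those readers. Declaring `private static volatile MOAMetadataProvider instance = null;` and `private static volatile Date timestamp;` covers both unlocked reads. `reInitialize()` logs through `iaik.util.logging.Log` while the rest of the class uses `Logger` from `at.gv.egovernment.moa.logging` (see `Logger.error(` in the constructor hunk), so `Logger.info("ReInitalize MOAMetaDataProvider.");` would keep the output in one log and make the extra import unnecessary. Since `reInitialize()` touches only static state it could also be declared `static` like `getInstance()`, which would let AuthConfigLoader skip the `getInstance()` round trip.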
@@ -59,15 +77,20 @@ public class MOAMetadataProvider implements MetadataProvider {
 String metadataURL = pvp2Config.getMetadataURL();
 try {
 // TODO: use proper SSL checking
-HTTPMetadataProvider httpProvider = new HTTPMetadataProvider(
-metadataURL, 20000);
+HTTPMetadataProvider httpProvider =
+new HTTPMetadataProvider(new Timer(), new HttpClient(),
+metadataURL);
 httpProvider.setParserPool(new BasicParserPool());
 httpProvider.setRequireValidMetadata(true);
+httpProvider.setMinRefreshDelay(1000*60*5); //5min
+httpProvider.setMaxRefreshDelay(1000*60*30); //30min
+//httpProvider.setRefreshDelayFactor(0.1F);
 MetadataFilter filter = new MetadataSignatureFilter(
 metadataURL, pvp2Config.getCertificate());
 httpProvider.setMetadataFilter(filter);
 chainProvider.addMetadataProvider(httpProvider);
 httpProvider.initialize();
+
 } catch (MetadataProviderException e) {
 Logger.error(
 "Failed to add Metadata file for "
@@ -91,8 +114,9 @@ public class MOAMetadataProvider implements MetadataProvider {
 }
 internalProvider = chainProvider;
+timestamp = new Date();
 }
-
+
 public boolean requireValidMetadata() {
 return internalProvider.requireValidMetadata();
 }
diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
index c17a8cbd4..dd696f42f 100644
--- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
+++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
@@ -272,6 +272,7 @@
 </xsd:element>
 </xsd:sequence>
 <xsd:attribute name="timestamp" type="xsd:dateTime"/>
+<xsd:attribute name="pvp2refresh" type="xsd:dateTime"/>
 </xsd:complexType>
 </xsd:element>
 <xsd:complexType name="AuthComponentType"> |
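Review bot: Each `reInitialize()` call runs this constructor again, and every run hands a fresh `new Timer()` and `new HttpClient()` to the HTTPMetadataProvider while nothing cancels the previous provider's timer, so every configuration change leaks a non-daemon Timer thread that keeps refreshing the old metadata URL in the background and will also hold the JVM open at shutdown. The old provider needs to be torn down before `instance = new MOAMetadataProvider();` in `reInitialize()`, for instance by keeping the `Timer` in an instance field and calling `cancel()` on it (or the provider's `destroy()`, if the OpenSAML version in use offers one) before the new instance is built. The `// TODO: use proper SSL checking` left above the new `new HttpClient()` still applies: the bare client brings no certificate policy of its own, so the `MetadataSignatureFilter` built with `pvp2Config.getCertificate()` is currently the only check that authenticates the fetched metadata, which deserves a comment on the filter line such as `// the signature filter is the only trust check on fetched metadata until SSL validation is configured`. The constructor containing this hunk starts and ends outside it.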
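Review bot: `timestamp = new Date();` in the `-91,8` hunk is assigned unconditionally at the end of the constructor, so a reload in which an HTTPMetadataProvider failed to initialize still gets a timestamp later than `pvp2refresh`, and AuthConfigLoader will not retry until the configuration is saved again; the `catch (MetadataProviderException e)` in the previous hunk appears to only log via `Logger.error(`, though its tail is outside the hunk. If a failed reload is meant to be retried, assign the timestamp only when every provider initialized, or leave the previous value in place on failure; if the current behaviour is intended, say so next to the assignment, e.g. `// set even when a provider failed to load: the reload is not retried until pvp2refresh changes again`. The constructor starts outside this hunk.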