Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java150
1 files changed, 37 insertions, 113 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index f33cadc41..3002ca179 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -31,12 +31,9 @@ import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
-import java.util.Timer;
-import javax.net.ssl.SSLHandshakeException;
import javax.xml.namespace.QName;
-import org.apache.commons.httpclient.MOAHttpClient;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
@@ -47,26 +44,22 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.parse.BasicParserPool;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
-import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
+import at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing;
+import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataFilterChain;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
-public class MOAMetadataProvider implements ObservableMetadataProvider{
+public class MOAMetadataProvider extends SimpleMOAMetadataProvider
+ implements ObservableMetadataProvider, IGarbageCollectorProcessing, IMOARefreshableMetadataProvider {
private static MOAMetadataProvider instance = null;
private static Object mutex = new Object();
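Review bot: The class declaration at the end of this hunk gains a superclass and two more interfaces but still carries no Javadoc, so a reader cannot tell from the file that this is a process-wide singleton whose provider chain is re-synced with the configuration by `MOAGarbageCollector`. I would add a short class comment such as `/** Singleton PVP2X metadata provider: keeps one HTTPMetadataProvider per configured online-application metadata URL in a chaining provider and re-syncs that chain with the OA configuration when the MOA garbage collector runs. */`. The one-per-URL statement is what `providersinuse.put(metadataurl, httpProvider)` later in this file implies; the garbage-collector claim rests on the registration in `getInstance()` and should be confirmed against `MOAGarbageCollector`.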
@@ -77,18 +70,32 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
synchronized (mutex) {
if (instance == null) {
instance = new MOAMetadataProvider();
+
+ //add this to MOA garbage collector
+ MOAGarbageCollector.addModulForGarbageCollection(instance);
+
}
}
}
return instance;
}
- public static void reInitialize() {
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector()
+ */
+ @Override
+ public void runGarbageCollector() {
+ reInitialize();
+
+ }
+
+ private static void reInitialize() {
synchronized (mutex) {
/**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
if (instance != null)
- try {
+ try {
+ Logger.trace("Check consistence of PVP2X metadata");
instance.addAndRemoveMetadataProvider();
} catch (ConfigurationException e) {
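Review bot: `instance` is assigned inside this `synchronized (mutex)` block but is declared as a plain `private static` field; if `getInstance()` also tests `instance == null` before taking the lock (the method's start is outside the hunk), that is double-checked locking and the field must be `private static volatile MOAMetadataProvider instance = null;` for the unsynchronized read to be safe under the Java memory model. The new `runGarbageCollector()` override has no Javadoc; a one-liner such as `/** Garbage-collector hook: re-syncs the metadata provider chain with the current OA configuration via reInitialize(). */` would tell readers it is not a no-op. `reInitialize()` also changes from `public static` to `private static`, so any caller outside this class now fails to compile — worth stating in the commit message if that is intended.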
@@ -111,9 +118,10 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
MetadataProvider internalProvider;
+ @Override
public boolean refreshMetadataProvider(String entityID) {
try {
- OAAuthParameter oaParam =
+ IOAAuthParameters oaParam =
AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID);
if (oaParam != null) {
String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
@@ -135,10 +143,9 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
String oaFriendlyName = oaParam.getFriendlyName();
ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
- HTTPMetadataProvider newMetadataProvider = createNewHTTPMetaDataProvider(metadataURL,
- cert, oaFriendlyName,
- buildMetadataFilterChain(oaParam, metadataURL,
- cert));
+ HTTPMetadataProvider newMetadataProvider = createNewHTTPMetaDataProvider(metadataURL,
+ buildMetadataFilterChain(oaParam, metadataURL, cert),
+ oaFriendlyName);
chainProvider.addMetadataProvider(newMetadataProvider);
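Review bot: `newMetadataProvider` is handed to `chainProvider.addMetadataProvider(...)` without a null check, while the two other call sites of `createNewHTTPMetaDataProvider` in this file guard with `if (httpProvider != null)`. The local implementation this commit deletes returned `null` whenever provider initialization failed (TLS trust, signature or schema validation), so if the inherited `SimpleMOAMetadataProvider.createNewHTTPMetaDataProvider` keeps that contract, an unreachable or unverifiable metadata endpoint would push `null` into the chaining provider. I would add `if (newMetadataProvider == null) { Logger.warn("Metadata for " + oaFriendlyName + " could not be loaded"); return false; }` before the add. `refreshMetadataProvider` continues outside the hunk, so check that this return value matches the method's existing failure path; note also that the `certificate` argument is no longer passed to the factory, so the old `filter == null` fallback that built a default chain from it is gone and callers must always supply a non-null chain.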
@@ -223,7 +230,7 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
while (oaInterator.hasNext()) {
Entry<String, String> oaKeyPair = oaInterator.next();
- OAAuthParameter oaParam =
+ IOAAuthParameters oaParam =
AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaKeyPair.getValue());
if (oaParam != null) {
String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
@@ -248,11 +255,9 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
Logger.info("Loading metadata for: " + oaFriendlyName);
httpProvider = createNewHTTPMetaDataProvider(
- metadataurl,
- cert,
- oaFriendlyName,
- buildMetadataFilterChain(oaParam, metadataurl,
- cert));
+ metadataurl,
+ buildMetadataFilterChain(oaParam, metadataurl, cert),
+ oaFriendlyName);
if (httpProvider != null)
providersinuse.put(metadataurl, httpProvider);
@@ -356,7 +361,7 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
while (oaInterator.hasNext()) {
Entry<String, String> oaKeyPair = oaInterator.next();
- OAAuthParameter oaParam =
+ IOAAuthParameters oaParam =
AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaKeyPair.getValue());
if (oaParam != null) {
String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
@@ -373,10 +378,8 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
if (!providersinuse.containsKey(metadataurl)) {
httpProvider = createNewHTTPMetaDataProvider(
metadataurl,
- cert,
- oaFriendlyName,
- buildMetadataFilterChain(oaParam, metadataurl,
- cert));
+ buildMetadataFilterChain(oaParam, metadataurl, cert),
+ oaFriendlyName);
if (httpProvider != null)
providersinuse.put(metadataurl, httpProvider);
@@ -422,8 +425,8 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
internalProvider = chainProvider;
}
- private MetadataFilterChain buildMetadataFilterChain(OAAuthParameter oaParam, String metadataURL, byte[] certificate) throws CertificateException {
- MetadataFilterChain filterChain = new MetadataFilterChain(metadataURL, certificate);
+ private PVPMetadataFilterChain buildMetadataFilterChain(IOAAuthParameters oaParam, String metadataURL, byte[] certificate) throws CertificateException {
+ PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate);
filterChain.getFilters().add(new SchemaValidationFilter());
if (oaParam.isInderfederationIDP()) {
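Review bot: `buildMetadataFilterChain` has no Javadoc and nothing states what `certificate` is, even though it is what `PVPMetadataFilterChain` uses to decide which signature on the remote metadata is accepted; the method body continues outside the hunk. I would document it with `@param certificate raw bytes of the metadata signing certificate for this OA (presumably decoded from the OA configuration — confirm)`, `@param metadataURL the URL the metadata is fetched from`, and `@throws CertificateException if the certificate bytes cannot be parsed`. It is also worth a comment that `SchemaValidationFilter` is appended after the chain is constructed, so its position relative to signature verification is decided inside `PVPMetadataFilterChain`, which is not part of this diff.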
@@ -434,86 +437,7 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
return filterChain;
}
-
- private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate, String oaName, MetadataFilterChain filter) {
- HTTPMetadataProvider httpProvider = null;
- Timer timer= null;
- MOAHttpClient httpClient = null;
- try {
- httpClient = new MOAHttpClient();
-
- if (metadataURL.startsWith("https:")) {
- try {
- MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
- PVPConstants.SSLSOCKETFACTORYNAME,
- AuthConfigurationProviderFactory.getInstance().getCertstoreDirectory(),
- AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(),
- null,
- AuthConfiguration.DEFAULT_X509_CHAININGMODE,
- AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking());
-
- httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
-
- } catch (MOAHttpProtocolSocketFactoryException e) {
- Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
-
- }
- }
-
- timer = new Timer();
- httpProvider = new HTTPMetadataProvider(timer, httpClient,
- metadataURL);
- httpProvider.setParserPool(new BasicParserPool());
- httpProvider.setRequireValidMetadata(true);
- httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
- httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
- //httpProvider.setRefreshDelayFactor(0.1F);
-
- if (filter == null) {
- filter = new MetadataFilterChain(metadataURL, certificate);
- }
- httpProvider.setMetadataFilter(filter);
- httpProvider.initialize();
-
- httpProvider.setRequireValidMetadata(true);
-
- return httpProvider;
-
- } catch (Throwable e) {
- if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
- Logger.warn("SSL-Server certificate for metadata "
- + metadataURL + " not trusted.", e);
-
- } if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {
- Logger.warn("Signature verification for metadata"
- + metadataURL + " FAILED.", e);
-
- } if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
- Logger.warn("Schema validation for metadata "
- + metadataURL + " FAILED.", e);
- }
-
- Logger.error(
- "Failed to add Metadata file for "
- + oaName + "[ "
- + e.getMessage() + " ]", e);
-
- if (httpProvider != null) {
- Logger.debug("Destroy failed Metadata provider");
- httpProvider.destroy();
- }
-
- if (timer != null) {
- Logger.debug("Destroy Timer.");
- timer.cancel();
- }
-
-
- }
- return null;
- }
-
public boolean requireValidMetadata() {
return internalProvider.requireValidMetadata();
}