diff options
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java')
-rw-r--r-- | id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java | 124 |
1 files changed, 86 insertions, 38 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java index a2ec47a45..aca818532 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java @@ -1,5 +1,6 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.engine; +import java.net.MalformedURLException; import java.util.ArrayList; import java.util.Date; import java.util.HashMap; @@ -11,6 +12,9 @@ import java.util.Timer; import javax.xml.namespace.QName; +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.MOAHttpClient; +import org.apache.commons.httpclient.params.HttpClientParams; import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.RoleDescriptor; @@ -22,44 +26,39 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider; import org.opensaml.xml.XMLObject; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.auth.IDestroyableObject; -import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing; -import at.gv.egovernment.moa.id.auth.IPostStartupInitializable; +import at.gv.egiz.eaaf.core.api.IDestroyableObject; +import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing; +import at.gv.egiz.eaaf.core.api.IPostStartupInitializable; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter; -import at.gv.egovernment.moa.id.saml2.MetadataFilterChain; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.engine.AbstractProtocolEngine; @Service("eIDASMetadataProvider") -public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider implements ObservableMetadataProvider, - IGarbageCollectorProcessing, IDestroyableObject, IMOARefreshableMetadataProvider, IPostStartupInitializable{ +public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider implements ObservableMetadataProvider, + IGarbageCollectorProcessing, IDestroyableObject, IRefreshableMetadataProvider, IPostStartupInitializable{ - private Timer timer = null; + @Autowired(required=true) IConfiguration basicConfig; + + private Timer timer = null; private MetadataProvider internalProvider; private Map<String, Date> lastAccess = null; - -// public static MOAeIDASChainingMetadataProvider getInstance() { -// if (instance == null) { -// synchronized (mutex) { -// if (instance == null) { -// instance = new MOAeIDASChainingMetadataProvider(); -// MOAGarbageCollector.addModulForGarbageCollection(instance); -// } -// } -// } -// return instance; -// } - - public MOAeIDASChainingMetadataProvider() { internalProvider = new ChainingMetadataProvider(); lastAccess = new HashMap<String, Date>(); @@ -71,23 +70,36 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider */ @Override public void executeAfterStartup() { - initializeEidasMetadataFromFileSystem(); + try { + initializeEidasMetadataFromFileSystem(); + + } catch (ConfigurationException e) { + Logger.error("Post start-up initialization of eIDAS Metadata-Provider FAILED.", e); + + } } - protected void initializeEidasMetadataFromFileSystem() { - Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX); - if (!metadataToLoad.isEmpty()) { - Logger.info("Load static configurated eIDAS metadata ... "); - for (String metaatalocation : metadataToLoad.values()) { - String absMetadataLocation = FileUtils.makeAbsoluteURL(metaatalocation, authConfig.getRootConfigFileDir()); - Logger.info(" Load eIDAS metadata from: " + absMetadataLocation); - refreshMetadataProvider(absMetadataLocation); + protected void initializeEidasMetadataFromFileSystem() throws ConfigurationException { + try { + Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX); + if (!metadataToLoad.isEmpty()) { + Logger.info("Load static configurated eIDAS metadata ... "); + for (String metaatalocation : metadataToLoad.values()) { + String absMetadataLocation = FileUtils.makeAbsoluteURL(metaatalocation, authConfig.getConfigurationRootDirectory()); + Logger.info(" Load eIDAS metadata from: " + absMetadataLocation); + refreshMetadataProvider(absMetadataLocation); + } + + Logger.info("Load static configurated eIDAS metadata finished "); } - Logger.info("Load static configurated eIDAS metadata finished "); - } + } catch (MalformedURLException e) { + Logger.warn("MOA-ID configuration error." , e); + throw new ConfigurationException("MOA-ID configuration error.", null, e); + + } } @@ -229,11 +241,12 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider //add Metadata filters MetadataFilterChain filter = new MetadataFilterChain(); filter.addFilter(new MOASPMetadataSignatureFilter( - authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE))); + authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE))); - return createNewMoaMetadataProvider(metadataURL, filter, + return createNewSimpleMetadataProvider(metadataURL, filter, "eIDAS metadata-provider", - timer, AbstractProtocolEngine.getSecuredParserPool()); + timer, AbstractProtocolEngine.getSecuredParserPool(), + createHttpClient(metadataURL)); } @@ -414,5 +427,40 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider if (observer != null) observer.onEvent(this); } + + private HttpClient createHttpClient(String metadataURL) { + MOAHttpClient httpClient = new MOAHttpClient(); + HttpClientParams httpClientParams = new HttpClientParams(); + httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT); + httpClient.setParams(httpClientParams); + + if (metadataURL.startsWith("https:")) { + try { + if (basicConfig instanceof AuthConfiguration) { + AuthConfiguration moaAuthConfig = (AuthConfiguration) basicConfig; + //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + PVPConstants.SSLSOCKETFACTORYNAME, + moaAuthConfig.getTrustedCACertificates(), + null, + AuthConfiguration.DEFAULT_X509_CHAININGMODE, + moaAuthConfig.isTrustmanagerrevoationchecking(), + moaAuthConfig.getRevocationMethodOrder(), + moaAuthConfig.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); + + httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); + + } + + } catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) { + Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); + + } + } + + return httpClient; + + } } |