aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java')
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java124
1 files changed, 86 insertions, 38 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index a2ec47a45..aca818532 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -1,5 +1,6 @@
package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
+import java.net.MalformedURLException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
@@ -11,6 +12,9 @@ import java.util.Timer;
import javax.xml.namespace.QName;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.MOAHttpClient;
+import org.apache.commons.httpclient.params.HttpClientParams;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
@@ -22,44 +26,39 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
import org.opensaml.xml.XMLObject;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
-import at.gv.egovernment.moa.id.auth.IDestroyableObject;
-import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
-import at.gv.egovernment.moa.id.auth.IPostStartupInitializable;
+import at.gv.egiz.eaaf.core.api.IDestroyableObject;
+import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
+import at.gv.egiz.eaaf.core.api.IPostStartupInitializable;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
-import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import eu.eidas.auth.engine.AbstractProtocolEngine;
@Service("eIDASMetadataProvider")
-public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider implements ObservableMetadataProvider,
- IGarbageCollectorProcessing, IDestroyableObject, IMOARefreshableMetadataProvider, IPostStartupInitializable{
+public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider implements ObservableMetadataProvider,
+ IGarbageCollectorProcessing, IDestroyableObject, IRefreshableMetadataProvider, IPostStartupInitializable{
- private Timer timer = null;
+ @Autowired(required=true) IConfiguration basicConfig;
+
+ private Timer timer = null;
private MetadataProvider internalProvider;
private Map<String, Date> lastAccess = null;
-
-// public static MOAeIDASChainingMetadataProvider getInstance() {
-// if (instance == null) {
-// synchronized (mutex) {
-// if (instance == null) {
-// instance = new MOAeIDASChainingMetadataProvider();
-// MOAGarbageCollector.addModulForGarbageCollection(instance);
-// }
-// }
-// }
-// return instance;
-// }
-
-
public MOAeIDASChainingMetadataProvider() {
internalProvider = new ChainingMetadataProvider();
lastAccess = new HashMap<String, Date>();
@@ -71,23 +70,36 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider
*/
@Override
public void executeAfterStartup() {
- initializeEidasMetadataFromFileSystem();
+ try {
+ initializeEidasMetadataFromFileSystem();
+
+ } catch (ConfigurationException e) {
+ Logger.error("Post start-up initialization of eIDAS Metadata-Provider FAILED.", e);
+
+ }
}
- protected void initializeEidasMetadataFromFileSystem() {
- Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX);
- if (!metadataToLoad.isEmpty()) {
- Logger.info("Load static configurated eIDAS metadata ... ");
- for (String metaatalocation : metadataToLoad.values()) {
- String absMetadataLocation = FileUtils.makeAbsoluteURL(metaatalocation, authConfig.getRootConfigFileDir());
- Logger.info(" Load eIDAS metadata from: " + absMetadataLocation);
- refreshMetadataProvider(absMetadataLocation);
+ protected void initializeEidasMetadataFromFileSystem() throws ConfigurationException {
+ try {
+ Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX);
+ if (!metadataToLoad.isEmpty()) {
+ Logger.info("Load static configurated eIDAS metadata ... ");
+ for (String metaatalocation : metadataToLoad.values()) {
+ String absMetadataLocation = FileUtils.makeAbsoluteURL(metaatalocation, authConfig.getConfigurationRootDirectory());
+ Logger.info(" Load eIDAS metadata from: " + absMetadataLocation);
+ refreshMetadataProvider(absMetadataLocation);
+ }
+
+ Logger.info("Load static configurated eIDAS metadata finished ");
}
- Logger.info("Load static configurated eIDAS metadata finished ");
- }
+ } catch (MalformedURLException e) {
+ Logger.warn("MOA-ID configuration error." , e);
+ throw new ConfigurationException("MOA-ID configuration error.", null, e);
+
+ }
}
@@ -229,11 +241,12 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider
//add Metadata filters
MetadataFilterChain filter = new MetadataFilterChain();
filter.addFilter(new MOASPMetadataSignatureFilter(
- authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE)));
+ authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE)));
- return createNewMoaMetadataProvider(metadataURL, filter,
+ return createNewSimpleMetadataProvider(metadataURL, filter,
"eIDAS metadata-provider",
- timer, AbstractProtocolEngine.getSecuredParserPool());
+ timer, AbstractProtocolEngine.getSecuredParserPool(),
+ createHttpClient(metadataURL));
}
@@ -414,5 +427,40 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider
if (observer != null)
observer.onEvent(this);
}
+
+ private HttpClient createHttpClient(String metadataURL) {
+ MOAHttpClient httpClient = new MOAHttpClient();
+ HttpClientParams httpClientParams = new HttpClientParams();
+ httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
+ httpClient.setParams(httpClientParams);
+
+ if (metadataURL.startsWith("https:")) {
+ try {
+ if (basicConfig instanceof AuthConfiguration) {
+ AuthConfiguration moaAuthConfig = (AuthConfiguration) basicConfig;
+ //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
+ MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+ PVPConstants.SSLSOCKETFACTORYNAME,
+ moaAuthConfig.getTrustedCACertificates(),
+ null,
+ AuthConfiguration.DEFAULT_X509_CHAININGMODE,
+ moaAuthConfig.isTrustmanagerrevoationchecking(),
+ moaAuthConfig.getRevocationMethodOrder(),
+ moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
+
+ httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+
+ }
+
+ } catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) {
+ Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
+
+ }
+ }
+
+ return httpClient;
+
+ }
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-03 04:41:37 +0000