From 1984a9914bb024bdd7b486ec6dd6ba4144c0c70b Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Thu, 19 Sep 2013 19:32:36 +0200
Subject: Reload MOAMetadataProvider after config changes
---
 .../moa/id/config/auth/AuthConfigLoader.java | 14 ++++++++++
 .../pvp2x/metadata/MOAMetadataProvider.java | 32 +++++++++++++++++++---
 2 files changed, 42 insertions(+), 4 deletions(-)
(limited to 'id/server/idserverlib/src/main/java')
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java
index 12ab3f871..92323f02b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java
@@ -1,10 +1,15 @@
 package at.gv.egovernment.moa.id.config.auth;
+import iaik.util.logging.Log;
+
 import java.util.Date;
+import org.bouncycastle.asn1.pkcs.Pfx;
+
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.logging.Logger;
@@ -20,6 +25,7 @@ public class AuthConfigLoader implements Runnable {
 Logger.info("check for new config.");
 MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
 Date dbdate = moaidconfig.getTimestampItem();
+ Date pvprefresh = moaidconfig.getPvp2RefreshItem();
 ConfigurationDBUtils.closeSession();
 Date date = AuthConfigurationProvider.getTimeStamp();
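Review bot: The import hunk of AuthConfigLoader.java adds `iaik.util.logging.Log` and `org.bouncycastle.asn1.pkcs.Pfx`, and neither name is referenced by the lines this commit adds to the class; if the rest of the file (outside the diff) does not use them either, both should be dropped so the config loader does not gain a compile-time dependency on crypto-library classes it never calls. The same `Log` import is added to MOAMetadataProvider.java, where `reInitialize()` logs through `Log.info` while every other message in both files goes through the project's `Logger`; use `Logger.info("ReInitalize MOAMetaDataProvider.");` there so reload events land in the same log as the other configuration messages.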
@@ -28,6 +34,14 @@ public class AuthConfigLoader implements Runnable {
 AuthConfigurationProvider instance = AuthConfigurationProvider.getInstance();
 instance.reloadDataBaseConfig();
 }
+
+ Date pvpdate = MOAMetadataProvider.getTimeStamp();
+ if (pvprefresh != null && pvprefresh.after(pvpdate)) {
+ MOAMetadataProvider metainst = MOAMetadataProvider.getInstance();
+ metainst.reInitialize();
+ }
+
+
 } catch (Throwable e) {
 Logger.warn("MOA-ID Configuration is actually not loadable. Reuse old configuration.", e);
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index a92ac8e7f..a61633e12 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -1,11 +1,16 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
+import iaik.util.logging.Log;
+
 import java.security.cert.CertificateException;
+import java.util.Date;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Timer;
 import javax.xml.namespace.QName;
+import org.apache.commons.httpclient.HttpClient;
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.RoleDescriptor;
@@ -29,7 +34,9 @@ public class MOAMetadataProvider implements MetadataProvider {
 private static MOAMetadataProvider instance = null;
 private static Object mutex = new Object();
-
+ private static Date timestamp;
+
+
 public static MOAMetadataProvider getInstance() {
 if (instance == null) {
 synchronized (mutex) {
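Review bot: In the `@@ -28,6 +34,14 @@` hunk of AuthConfigLoader.java, `pvprefresh.after(pvpdate)` is called with a `pvpdate` that stays null until a `MOAMetadataProvider` has been constructed, because the static `timestamp` is only assigned at the end of the constructor. `Date.after(null)` throws a NullPointerException, which the surrounding `catch (Throwable e)` reports as "MOA-ID Configuration is actually not loadable", so every poll before first use logs a misleading warning. Guard the comparison with `if (pvprefresh != null && pvpdate != null && pvprefresh.after(pvpdate)) {`; skipping the reload in that state looks safe, since the first `getInstance()` call presumably builds the provider from the current configuration. The check also compares a timestamp stored in the configuration database with the local `new Date()`, so clock skew between the host that writes the configuration and this one could suppress a reload. The enclosing method starts and ends outside the hunk.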
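Review bot: The `timestamp` field added in the `@@ -29,7 +34,9 @@` hunk of MOAMetadataProvider.java is written by whichever thread runs the constructor and read by the AuthConfigLoader thread through `getTimeStamp()` with no synchronisation, and `instance` just above it is read outside the lock in `getInstance()` while `reInitialize()` (next hunk) now replaces it at runtime. Without `volatile`, a request thread may keep using the pre-reload provider or observe the new one before its constructor's writes are visible, which matters because this provider decides which metadata signing certificates are trusted. Declare them as `private static volatile MOAMetadataProvider instance = null;` and `private static volatile Date timestamp;`.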
@@ -41,6 +48,17 @@ public class MOAMetadataProvider implements MetadataProvider {
 return instance;
 }
+ public static Date getTimeStamp() {
+ return timestamp;
+ }
+
+ public void reInitialize() {
+ synchronized (mutex) {
+ Log.info("ReInitalize MOAMetaDataProvider.");
+ instance = new MOAMetadataProvider();
+ }
+ }
+
 MetadataProvider internalProvider;
 private MOAMetadataProvider() {
@@ -59,15 +77,20 @@ public class MOAMetadataProvider implements MetadataProvider {
 String metadataURL = pvp2Config.getMetadataURL();
 try { // TODO: use proper SSL checking
- HTTPMetadataProvider httpProvider = new HTTPMetadataProvider(
- metadataURL, 20000);
+ HTTPMetadataProvider httpProvider =
+ new HTTPMetadataProvider(new Timer(), new HttpClient(),
+ metadataURL);
 httpProvider.setParserPool(new BasicParserPool());
 httpProvider.setRequireValidMetadata(true);
+ httpProvider.setMinRefreshDelay(1000*60*5); //5min
+ httpProvider.setMaxRefreshDelay(1000*60*30); //30min
+ //httpProvider.setRefreshDelayFactor(0.1F);
 MetadataFilter filter = new MetadataSignatureFilter( metadataURL, pvp2Config.getCertificate());
 httpProvider.setMetadataFilter(filter);
 chainProvider.addMetadataProvider(httpProvider);
 httpProvider.initialize();
+
 } catch (MetadataProviderException e) {
 Logger.error( "Failed to add Metadata file for "
@@ -91,8 +114,9 @@ public class MOAMetadataProvider implements MetadataProvider {
 }
 internalProvider = chainProvider;
+ timestamp = new Date();
 }
-
+
 public boolean requireValidMetadata() {
 return internalProvider.requireValidMetadata();
 }
-- cgit v1.2.3
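Review bot: `reInitialize()` in the `@@ -41,6 +48,17 @@` hunk overwrites `instance` without shutting down the provider it replaces, so each reload leaves the previous chain's `HTTPMetadataProvider` objects and the `Timer` created for each of them (constructor hunk below) running and still refreshing the old metadata URLs. Any component that obtained the old object from `getInstance()` and kept the reference would also go on validating against pre-reload metadata, so an entity or certificate removed from the configuration may remain trusted there; the callers are outside this diff, so that needs checking. Keep a reference to the old provider, assign the new one, then release the old one, for example through the OpenSAML provider's `destroy()` if the version in use offers it.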
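Review bot: Switching to the three-argument `HTTPMetadataProvider` constructor in the `@@ -59,15 +77,20 @@` hunk drops the 20000 ms request timeout the old call passed, and a default `new HttpClient()` has no socket timeout configured, so an unresponsive metadata endpoint can block `initialize()` indefinitely, and with it the reload thread that holds `mutex` in `reInitialize()`. `new Timer()` also starts a non-daemon thread per metadata URL that nothing in the diff cancels. The `// TODO: use proper SSL checking` remains, which leaves `MetadataSignatureFilter` as the only integrity control on fetched metadata; a comment saying so would help keep the filter from ever being made optional. Suggested construction below; the enclosing loop and constructor start outside the hunk.

```java
// … unchanged: metadataURL lookup, try { …
HttpClient httpClient = new HttpClient();
// restore the 20 s bound the two-argument constructor used to apply
httpClient.getParams().setSoTimeout(20000);
httpClient.getHttpConnectionManager().getParams().setConnectionTimeout(20000);
HTTPMetadataProvider httpProvider =
		new HTTPMetadataProvider(new Timer(true), httpClient, metadataURL);
// … unchanged: parser pool, refresh delays, signature filter, initialize() …
```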
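Review bot: `timestamp = new Date();` in the `@@ -91,8 +114,9 @@` hunk runs at the end of the constructor whether or not any metadata source was loaded; the `MetadataProviderException` handler visible in the previous hunk logs the failure and, as far as the diff shows, construction carries on. After a reload that failed, for example because a metadata endpoint was briefly unreachable, AuthConfigLoader sees a fresh timestamp and will not retry until `Pvp2RefreshItem` changes again, which can leave the service with an empty or partial trust set. Consider advancing `timestamp` only when every configured source initialised, or at least add `// NOTE: also advanced when loading failed; a failed reload is not retried` next to the assignment. The constructor starts outside the hunk.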