From 1984a9914bb024bdd7b486ec6dd6ba4144c0c70b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 19 Sep 2013 19:32:36 +0200 Subject: Reload MOAMetadataProvider after config changes --- .../configuration/struts/action/EditOAAction.java | 38 +++++++++++++++++++++- .../moa/id/config/auth/AuthConfigLoader.java | 14 ++++++++ .../pvp2x/metadata/MOAMetadataProvider.java | 32 +++++++++++++++--- .../src/main/resources/config/moaid_config_2.0.xsd | 1 + 4 files changed, 80 insertions(+), 5 deletions(-) (limited to 'id') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index f160e3e51..cd34d382b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -4,6 +4,7 @@ import java.io.IOException; import java.math.BigInteger; import java.security.cert.CertificateException; import java.util.ArrayList; +import java.util.Date; import java.util.List; import javax.servlet.http.HttpServletRequest; @@ -19,6 +20,7 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector; import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; @@ -297,7 +299,9 @@ ServletResponseAware { if (!authUser.isAdmin()) { onlineapplication.setIsAdminRequired(true); + } + } else { if (!authUser.isAdmin() && @@ -332,6 +336,22 @@ ServletResponseAware { } catch (ConfigurationException e) { log.warn("Sending Mail to User " + userdb.getMail() + " failed", e); } + } + } + + if (pvp2OA.getMetaDataURL() != null) { + + try { + if (newentry || !pvp2OA.getMetaDataURL() + .equals(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL())) { + + MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration(); + moaconfig.setPvp2RefreshItem(new Date()); + ConfigurationDBUtils.saveOrUpdate(moaconfig); + + } + } catch (Throwable e) { + log.info("Found no MetadataURL in OA-Databaseconfig!", e); } } @@ -348,6 +368,8 @@ ServletResponseAware { } } + + Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); if (nextPageAttr != null && nextPageAttr instanceof String) { @@ -479,8 +501,22 @@ ServletResponseAware { } OnlineApplication onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); - request.getSession().setAttribute(Constants.SESSION_OAID, null); + + + try { + if (MiscUtil.isNotEmpty(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL())) { + + MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration(); + moaconfig.setPvp2RefreshItem(new Date()); + ConfigurationDBUtils.saveOrUpdate(moaconfig); + + } + } catch (Throwable e) { + log.info("Found no MetadataURL in OA-Databaseconfig!", e); + } + + if (ConfigurationDBUtils.delete(onlineapplication)) { if (!authUser.isAdmin()) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java index 12ab3f871..92323f02b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java @@ -1,10 +1,15 @@ package at.gv.egovernment.moa.id.config.auth; +import iaik.util.logging.Log; + import java.util.Date; +import org.bouncycastle.asn1.pkcs.Pfx; + import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.logging.Logger; @@ -20,6 +25,7 @@ public class AuthConfigLoader implements Runnable { Logger.info("check for new config."); MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); Date dbdate = moaidconfig.getTimestampItem(); + Date pvprefresh = moaidconfig.getPvp2RefreshItem(); ConfigurationDBUtils.closeSession(); Date date = AuthConfigurationProvider.getTimeStamp(); @@ -28,6 +34,14 @@ public class AuthConfigLoader implements Runnable { AuthConfigurationProvider instance = AuthConfigurationProvider.getInstance(); instance.reloadDataBaseConfig(); } + + Date pvpdate = MOAMetadataProvider.getTimeStamp(); + if (pvprefresh != null && pvprefresh.after(pvpdate)) { + MOAMetadataProvider metainst = MOAMetadataProvider.getInstance(); + metainst.reInitialize(); + } + + } catch (Throwable e) { Logger.warn("MOA-ID Configuration is actually not loadable. Reuse old configuration.", e); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java index a92ac8e7f..a61633e12 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java @@ -1,11 +1,16 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.metadata; +import iaik.util.logging.Log; + import java.security.cert.CertificateException; +import java.util.Date; import java.util.Iterator; import java.util.List; +import java.util.Timer; import javax.xml.namespace.QName; +import org.apache.commons.httpclient.HttpClient; import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.RoleDescriptor; @@ -29,7 +34,9 @@ public class MOAMetadataProvider implements MetadataProvider { private static MOAMetadataProvider instance = null; private static Object mutex = new Object(); - + private static Date timestamp; + + public static MOAMetadataProvider getInstance() { if (instance == null) { synchronized (mutex) { @@ -41,6 +48,17 @@ public class MOAMetadataProvider implements MetadataProvider { return instance; } + public static Date getTimeStamp() { + return timestamp; + } + + public void reInitialize() { + synchronized (mutex) { + Log.info("ReInitalize MOAMetaDataProvider."); + instance = new MOAMetadataProvider(); + } + } + MetadataProvider internalProvider; private MOAMetadataProvider() { @@ -59,15 +77,20 @@ public class MOAMetadataProvider implements MetadataProvider { String metadataURL = pvp2Config.getMetadataURL(); try { // TODO: use proper SSL checking - HTTPMetadataProvider httpProvider = new HTTPMetadataProvider( - metadataURL, 20000); + HTTPMetadataProvider httpProvider = + new HTTPMetadataProvider(new Timer(), new HttpClient(), + metadataURL); httpProvider.setParserPool(new BasicParserPool()); httpProvider.setRequireValidMetadata(true); + httpProvider.setMinRefreshDelay(1000*60*5); //5min + httpProvider.setMaxRefreshDelay(1000*60*30); //30min + //httpProvider.setRefreshDelayFactor(0.1F); MetadataFilter filter = new MetadataSignatureFilter( metadataURL, pvp2Config.getCertificate()); httpProvider.setMetadataFilter(filter); chainProvider.addMetadataProvider(httpProvider); httpProvider.initialize(); + } catch (MetadataProviderException e) { Logger.error( "Failed to add Metadata file for " @@ -91,8 +114,9 @@ public class MOAMetadataProvider implements MetadataProvider { } internalProvider = chainProvider; + timestamp = new Date(); } - + public boolean requireValidMetadata() { return internalProvider.requireValidMetadata(); } diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index c17a8cbd4..dd696f42f 100644 --- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -272,6 +272,7 @@ + -- cgit v1.2.3