/*
* Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
import java.security.KeyStore;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider;
import eu.eidas.auth.engine.ProtocolEngineI;
import eu.eidas.auth.engine.metadata.MetadataFetcherI;
import eu.eidas.auth.engine.metadata.MetadataSignerI;
import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
import eu.eidas.engine.exceptions.SAMLEngineException;
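/**
 * Adapts an OpenSAML {@link MetadataProvider} to the eIDAS engine's
 * {@link MetadataFetcherI} contract and additionally exposes the older
 * {@code MetadataProcessorI}-style lookups as deprecated methods.
 *
 * <p>Every lookup is delegated to the wrapped provider; this class performs no
 * signature validation of its own. The {@code MetadataSignerI} passed to
 * {@link #getEntityDescriptor(String, MetadataSignerI)} is not used and both
 * {@code checkValidMetadataSignature} overloads are intentional no-ops. The
 * code relies on the wrapped provider having verified the metadata signature
 * when the metadata was loaded or reloaded, so callers must make sure the
 * provider they pass in actually does that (this class cannot check it).
 *
 * @author tlenz
 */
public class MOAeIDASMetadataProviderDecorator implements MetadataFetcherI {

  /** Wrapped OpenSAML provider; every lookup goes through it. */
  private final MetadataProvider metadataprovider;

  /**
   * Creates a decorator around the given provider.
   *
   * @param metadataprovider OpenSAML metadata provider to delegate to
   */
  public MOAeIDASMetadataProviderDecorator(MetadataProvider metadataprovider) {
    this.metadataprovider = metadataprovider;
  }

  /**
   * Refreshes the SAML2 metadata of a specific entity.
   *
   * <p>A refresh is only possible if the wrapped provider implements
   * {@link IMOARefreshableMetadataProvider}; any other provider makes this a
   * no-op that reports {@code false}.
   *
   * @param entityId EntityID that should be refreshed
   * @return {@code true} if the refresh was successful, otherwise {@code false}
   */
  public boolean refreshMetadata(String entityId) {
    if (this.metadataprovider instanceof IMOARefreshableMetadataProvider) {
      return ((IMOARefreshableMetadataProvider) this.metadataprovider)
          .refreshMetadataProvider(entityId);
    }
    return false;
  }

  /**
   * Looks up the entity descriptor for {@code url} in the wrapped provider.
   *
   * <p>The {@code paramMetadataSignerI} argument is ignored: the signature is
   * not re-validated per request because, with a caching provider, it only
   * needs to be validated when the cache is (re)loaded.
   *
   * @param url entityID / metadata URL to resolve
   * @param paramMetadataSignerI unused
   * @return the descriptor as returned by the wrapped provider (may be
   *     {@code null} if the provider does not know the entity)
   * @throws EIDASSAMLEngineException if the wrapped provider fails
   * @see eu.eidas.auth.engine.metadata.MetadataFetcherI#getEntityDescriptor(java.lang.String,
   *     eu.eidas.auth.engine.metadata.MetadataSignerI)
   */
  @Override
  public EntityDescriptor getEntityDescriptor(String url, MetadataSignerI paramMetadataSignerI)
      throws EIDASSAMLEngineException {
    try {
      // TODO: signature validation on every request could be added here, but it
      // is not needed with a cached metadata provider that validates on reload.
      return this.metadataprovider.getEntityDescriptor(url);
    } catch (MetadataProviderException e) {
      throw new EIDASSAMLEngineException("eIDAS Metadata processing FAILED.", e);
    }
  }

  /**
   * Looks up the entity descriptor for {@code url} in the wrapped provider.
   *
   * @param url entityID / metadata URL to resolve
   * @return the descriptor as returned by the wrapped provider (may be
   *     {@code null} if the provider does not know the entity)
   * @throws SAMLEngineException if the wrapped provider fails
   * @deprecated legacy {@code MetadataProcessorI} lookup; use
   *     {@link #getEntityDescriptor(String, MetadataSignerI)}
   * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getEntityDescriptor(java.lang.String)
   */
  @Deprecated
  public EntityDescriptor getEntityDescriptor(String url) throws SAMLEngineException {
    try {
      return this.metadataprovider.getEntityDescriptor(url);
    } catch (MetadataProviderException e) {
      throw new SAMLEngineException("eIDAS Metadata processing FAILED.", e);
    }
  }

  /**
   * Returns the first SP role of the entity behind {@code url}.
   *
   * @param url entityID / metadata URL to resolve
   * @return the first {@link SPSSODescriptor}, or {@code null} if the entity is
   *     unknown or has no SP role
   * @throws SAMLEngineException if the wrapped provider fails
   * @deprecated legacy {@code MetadataProcessorI} lookup
   * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getSPSSODescriptor(java.lang.String)
   */
  @Deprecated
  public SPSSODescriptor getSPSSODescriptor(String url) throws SAMLEngineException {
    return getFirstRoleDescriptor(getEntityDescriptor(url), SPSSODescriptor.class);
  }

  /**
   * Returns the first IDP role of the entity behind {@code url}.
   *
   * @param url entityID / metadata URL to resolve
   * @return the first {@link IDPSSODescriptor}, or {@code null} if the entity
   *     is unknown or has no IDP role
   * @throws SAMLEngineException if the wrapped provider fails
   * @deprecated legacy {@code MetadataProcessorI} lookup
   * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#getIDPSSODescriptor(java.lang.String)
   */
  @Deprecated
  public IDPSSODescriptor getIDPSSODescriptor(String url) throws SAMLEngineException {
    return getFirstRoleDescriptor(getEntityDescriptor(url), IDPSSODescriptor.class);
  }

  /**
   * Intentional no-op: the metadata signature is expected to have been
   * validated by the wrapped provider during its initialization, so nothing is
   * checked here and no exception is ever thrown.
   *
   * @param url ignored
   * @param engine ignored
   * @throws SAMLEngineException never
   * @deprecated legacy {@code MetadataProcessorI} hook
   * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#checkValidMetadataSignature(java.lang.String,
   *     eu.eidas.auth.engine.EIDASSAMLEngine)
   */
  @Deprecated
  public void checkValidMetadataSignature(String url, ProtocolEngineI engine)
      throws SAMLEngineException {
    // TODO: maybe signature validation is needed on every request
  }

  /**
   * Intentional no-op: the metadata signature is expected to have been
   * validated by the wrapped provider during its initialization, so nothing is
   * checked here and no exception is ever thrown.
   *
   * @param url ignored
   * @param trustStore ignored
   * @throws SAMLEngineException never
   * @deprecated legacy {@code MetadataProcessorI} hook
   * @see eu.eidas.auth.engine.metadata.MetadataProcessorI#checkValidMetadataSignature(java.lang.String,
   *     java.security.KeyStore)
   */
  @Deprecated
  public void checkValidMetadataSignature(String url, KeyStore trustStore)
      throws SAMLEngineException {
    // Nothing to do; see class documentation.
  }

  /**
   * Returns the first role descriptor of the requested type.
   *
   * @param <T> role descriptor type to look for
   * @param entityDescriptor entity to search; may be {@code null}
   * @param clazz class of the wanted role descriptor
   * @return the first matching role descriptor, or {@code null} if
   *     {@code entityDescriptor} is {@code null} or has no such role
   * @deprecated only used by the deprecated lookups of this class
   */
  @Deprecated
  protected <T extends RoleDescriptor> T getFirstRoleDescriptor(
      EntityDescriptor entityDescriptor, final Class<T> clazz) {
    // The deprecated lookups pass whatever the provider returned, which is
    // null for an unknown entity; fail soft instead of throwing NPE here.
    if (entityDescriptor == null) {
      return null;
    }
    for (RoleDescriptor rd : entityDescriptor.getRoleDescriptors()) {
      if (clazz.isInstance(rd)) {
        return clazz.cast(rd);
      }
    }
    return null;
  }
}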