se.litsec.opensaml.saml2.metadata.provider

Class HTTPMetadataProvider

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

se.litsec.opensaml.saml2.metadata.provider.AbstractMetadataProvider

se.litsec.opensaml.saml2.metadata.provider.HTTPMetadataProvider

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, MetadataProvider

public class HTTPMetadataProvider
extends AbstractMetadataProvider

A provider that downloads metadata from a HTTP resource.

Author:

Martin Lindström (martin.lindstrom@litsec.se)

See Also:

HTTPMetadataResolver, FileBackedHTTPMetadataResolver

Nested Class Summary

Nested classes/interfaces inherited from class se.litsec.opensaml.saml2.metadata.provider.AbstractMetadataProvider

AbstractMetadataProvider.EntityDescriptorIterator

Constructor Summary

Constructors

Constructor and Description
HTTPMetadataProvider(String metadataUrl, String backupFile) Creates a provider that periodically downloads data from the URL given by metadataUrl.
HTTPMetadataProvider(String metadataUrl, String backupFile, org.apache.http.client.HttpClient httpClient, HttpClientSecurityParameters tlsSecurityParameters) Creates a provider that peiodically downloads data from the URL given by metadataUrl.
HTTPMetadataProvider(String metadataUrl, String backupFile, HttpClientSecurityParameters tlsSecurityParameters) Creates a provider that peiodically downloads data from the URL given by metadataUrl.

Method Summary

Modifier and Type	Method and Description
static org.apache.http.client.HttpClient	createDefaultHttpClient() Creates a default HttpClient instance that uses system properties and sets a SSLSocketFactory that is configured in a "no trust" mode, meaning that all peer certificates are accepted and no hostname check is made.
protected void	createMetadataResolver(boolean requireValidMetadata, boolean failFastInitialization, MetadataFilter filter) Creates the specific MetadataResolver instance for the provider implementation.
static TrustEngine<? super X509Credential>	createTlsTrustEngine(KeyStore trustStore) Creates a TrustEngine instance based on the supplied trust key store.
protected void	destroyMetadataResolver() Destroys the metadata resolver.
String	getID() Returns the identifier for the provider.
MetadataResolver	getMetadataResolver() Returns the underlying OpenSAML metadata resolver.
protected void	initializeMetadataResolver() Initializes the metadata resolver.

Methods inherited from class se.litsec.opensaml.saml2.metadata.provider.AbstractMetadataProvider

createFilter, doDestroy, doInitialize, getEntityDescriptor, getIdentityProviders, getIDPSSODescriptor, getLastUpdate, getMetadata, getMetadataDOM, getServiceProviders, getSPSSODescriptor, iterator, iterator, refresh, setExclusionPredicates, setFailFastInitialization, setInclusionPredicates, setPerformSchemaValidation, setRequireValidMetadata, setSignatureVerificationCertificate

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Methods inherited from interface net.shibboleth.utilities.java.support.component.DestructableComponent

destroy, isDestroyed

Constructor Detail

HTTPMetadataProvider

public HTTPMetadataProvider(String metadataUrl,
                            String backupFile)
                     throws ResolverException

Creates a provider that periodically downloads data from the URL given by metadataUrl. If the backupFile parameter is given the provider also stores the downloaded metadata on disk as backup.

This constructor will initialize the underlying MetadataResolver with a default HttpClient instance that is initialized according to createDefaultHttpClient().

Since no security parameters for TLS connections are given, this will be read from the system properties javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword.

Parameters:

metadataUrl - the URL to use when downloading metadata

backupFile - optional path to the file to where the provider should store downloaded metadata

Throws:

ResolverException - if the supplied metadata URL is invalid

HTTPMetadataProvider

public HTTPMetadataProvider(String metadataUrl,
                            String backupFile,
                            HttpClientSecurityParameters tlsSecurityParameters)
                     throws ResolverException

Creates a provider that peiodically downloads data from the URL given by metadataUrl. If the backupFile parameter is given the provider also stores the downloaded metadata on disk as backup.

This constructor will initialize the underlying MetadataResolver with a default HttpClient instance that is initialized according to createDefaultHttpClient() and the supplied security parameters.

Parameters:

metadataUrl - the URL to use when downloading metadata

backupFile - optional path to the file to where the provider should store downloaded metadata

tlsSecurityParameters - security parameters to use for TLS connections (including TLS truststore). If not set, default system settings will be applied

Throws:

ResolverException - if the supplied metadata URL is invalid

HTTPMetadataProvider

public HTTPMetadataProvider(String metadataUrl,
                            String backupFile,
                            org.apache.http.client.HttpClient httpClient,
                            HttpClientSecurityParameters tlsSecurityParameters)
                     throws ResolverException

Creates a provider that peiodically downloads data from the URL given by metadataUrl. If the backupFile parameter is given the provider also stores the downloaded metadata on disk as backup.

Parameters:

metadataUrl - the URL to use when downloading metadata

backupFile - optional path to the file to where the provider should store downloaded metadata

httpClient - the HttpClient that should be used to download the metadata

tlsSecurityParameters - security parameters to use for TLS connections (including TLS truststore). If not set, default system settings will be applied

Throws:

ResolverException - if the supplied metadata URL is invalid

Method Detail

createDefaultHttpClient

public static org.apache.http.client.HttpClient createDefaultHttpClient()

Creates a default HttpClient instance that uses system properties and sets a SSLSocketFactory that is configured in a "no trust" mode, meaning that all peer certificates are accepted and no hostname check is made.

TLS security parameters, such as a trust engine, may later be added by assigning a configured HttpClientSecurityParameters instance in the constructor.

Returns:

a default HttpClient instance

getID

public String getID()

Returns the identifier for the provider.

Returns:

the identifier

getMetadataResolver

public MetadataResolver getMetadataResolver()

Returns the underlying OpenSAML metadata resolver.

Returns:

OpenSAML metadata resolver

createMetadataResolver

protected void createMetadataResolver(boolean requireValidMetadata,
                                      boolean failFastInitialization,
                                      MetadataFilter filter)
                               throws ResolverException

Creates the specific MetadataResolver instance for the provider implementation.

The filter parameter is a MetadataFilter that must be installed for the resolver. Any other filters that should be installed by the specific instance should be placed last in a filter chain.

Specified by:

createMetadataResolver in class AbstractMetadataProvider

Parameters:

requireValidMetadata - should be passed into MetadataResolver.setRequireValidMetadata(boolean)

failFastInitialization - should be passed into AbstractMetadataResolver.setFailFastInitialization(boolean) (if applicable)

filter - filter that must be installed for the resolver

Throws:

ResolverException - for errors creating the resolver

createTlsTrustEngine

public static TrustEngine<? super X509Credential> createTlsTrustEngine(KeyStore trustStore)
                                                                throws KeyStoreException

Creates a TrustEngine instance based on the supplied trust key store.

Parameters:

trustStore - the keystore holding the trusted certificates

Returns:

a TrustEngine instance

Throws:

KeyStoreException - for errors reading the TLS trust key store

initializeMetadataResolver

protected void initializeMetadataResolver()
                                   throws ComponentInitializationException

Initializes the metadata resolver.

Specified by:

initializeMetadataResolver in class AbstractMetadataProvider

Throws:

ComponentInitializationException - for initialization errors

destroyMetadataResolver

protected void destroyMetadataResolver()

Destroys the metadata resolver.

Specified by:

destroyMetadataResolver in class AbstractMetadataProvider