Package se.litsec.opensaml.saml2.metadata.provider

Class AbstractMetadataProvider

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

se.litsec.opensaml.saml2.metadata.provider.AbstractMetadataProvider

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, MetadataProvider

Direct Known Subclasses:

CompositeMetadataProvider, FilesystemMetadataProvider, HTTPMetadataProvider, ProxyMetadataProvider, SpringResourceMetadataProvider, StaticMetadataProvider

public abstract class AbstractMetadataProvider
extends AbstractInitializableComponent
implements MetadataProvider

Abstract base class for the MetadataProvider interface.

Author:

Martin Lindström (martin.lindstrom@litsec.se)

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
protected static class	AbstractMetadataProvider.EntityDescriptorIterator	Iterates over EntitiesDescriptor or EntityDescriptor.

Constructor Summary

Constructors

Constructor	Description
AbstractMetadataProvider()

Method Summary

Modifier and Type	Method	Description
protected MetadataFilter	createFilter()	Creates the filter(s) that this instance should be configured with.
protected abstract void	createMetadataResolver(boolean requireValidMetadata, boolean failFastInitialization, MetadataFilter filter)	Creates the specific MetadataResolver instance for the provider implementation.
protected abstract void	destroyMetadataResolver()	Destroys the metadata resolver.
protected void	doDestroy()
protected void	doInitialize()
EntityDescriptor	getEntityDescriptor(String entityID)	Returns the entity descriptor identified by the given entityID.
List<EntityDescriptor>	getIdentityProviders()	Utility method that returns a list of entity descriptors for Identity Providers found in the metadata.
IDPSSODescriptor	getIDPSSODescriptor(String entityID)	A utility method that extracts the IdP SSO descriptor from the Entity Descriptor identified by the supplied entityID.
Instant	getLastUpdate()	Returns the time the currently available metadata was last updated.
XMLObject	getMetadata()	Returns the XML element making up the metadata for the federation.
Element	getMetadataDOM()	Returns the DOM element making up the metadata for the federation.
List<EntityDescriptor>	getServiceProviders()	Utility method that returns a list of entity descriptors for Service Providers found in the metadata.
List<X509Certificate>	getSignatureVerificationCertificates()	Gets the certificate that is to be used when verifying the signature on downloaded metadata.
SPSSODescriptor	getSPSSODescriptor(String entityID)	A utility method that extracts the SP SSO descriptor from the Entity Descriptor identified by the supplied entityID.
protected abstract void	initializeMetadataResolver()	Initializes the metadata resolver.
Iterable<EntityDescriptor>	iterator()	Returns an iterator for all entity descriptors held by the provider.
Iterable<EntityDescriptor>	iterator(QName role)	Returns an iterator for all entity descriptors having the given role.
void	refresh()	Refresh the metadata handled by the provider.
void	setExclusionPredicates(List<Predicate<EntityDescriptor>> exclusionPredicates)	Assigns a list of exclusion predicates that will be applied to downloaded metadata.
void	setFailFastInitialization(boolean failFast)	Sets whether problems during initialization should cause the provider to fail or go on without metadata.
void	setInclusionPredicates(List<Predicate<EntityDescriptor>> inclusionPredicates)	Assigns a list of inclusion predicates that will be applied to downloaded metadata.
void	setPerformSchemaValidation(boolean performSchemaValidation)	Assigns whether XML schema validation should be performed on downloaded metadata.
void	setRequireValidMetadata(boolean requireValidMetadata)	Sets whether the metadata returned by queries must be valid.
void	setSignatureVerificationCertificate(X509Certificate signatureVerificationCertificate)	Assigns the certificate that is to be used when verifying the signature on downloaded metadata.
void	setSignatureVerificationCertificates(List<X509Certificate> signatureVerificationCertificates)	Assigns the certificates that are to be used when verifying the signature on downloaded metadata.

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.DestructableComponent

destroy, isDestroyed

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Methods inherited from interface se.litsec.opensaml.saml2.metadata.provider.MetadataProvider

getID, getMetadataResolver

Constructor Detail

AbstractMetadataProvider

public AbstractMetadataProvider()

Method Detail

getMetadata

public XMLObject getMetadata()

Returns the XML element making up the metadata for the federation. This element is either an EntityDescriptor or an EntitiesDescriptor.

Specified by:

getMetadata in interface MetadataProvider

Returns:

an XML element

getMetadataDOM

public Element getMetadataDOM()
                       throws MarshallingException

Returns the DOM element making up the metadata for the federation.

Specified by:

getMetadataDOM in interface MetadataProvider

Returns:

a DOM element

Throws:

MarshallingException - for XML marshalling errors

getLastUpdate

public Instant getLastUpdate()

Returns the time the currently available metadata was last updated.

Specified by:

getLastUpdate in interface MetadataProvider

Returns:

time when the currently metadata was last updated, or null if no metadata has been successfully loaded

refresh

public void refresh()
             throws ResolverException

Refresh the metadata handled by the provider.

An implementation that does not support refresh should implement this operation as a no-op. Implementations that do support refresh of metadata should typically be either synchronized or make use other locking mechanisms to protect against concurrent access.

Specified by:

refresh in interface MetadataProvider

Throws:

ResolverException - if the refresh operation was unsuccessful

iterator

public Iterable<EntityDescriptor> iterator()

Returns an iterator for all entity descriptors held by the provider.

Specified by:

iterator in interface MetadataProvider

Returns:

an iterator for all entity descriptors

iterator

public Iterable<EntityDescriptor> iterator(QName role)

Returns an iterator for all entity descriptors having the given role.

To list all IdP:s and SP:s do:

 idps = provider.iterator(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
 sps = provider.iterator(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
 

Specified by:

iterator in interface MetadataProvider

Parameters:

role - role descriptor

Returns:

an iterator for all matching entity descriptors

See Also:

MetadataProvider.getIdentityProviders(), MetadataProvider.getServiceProviders()

getEntityDescriptor

public EntityDescriptor getEntityDescriptor(String entityID)
                                     throws ResolverException

Returns the entity descriptor identified by the given entityID.

Specified by:

getEntityDescriptor in interface MetadataProvider

Parameters:

entityID - the unique entityID for the entry

Returns:

an entity descriptor

Throws:

ResolverException - for underlying metadata errors

getIDPSSODescriptor

public IDPSSODescriptor getIDPSSODescriptor(String entityID)
                                     throws ResolverException

A utility method that extracts the IdP SSO descriptor from the Entity Descriptor identified by the supplied entityID.

Specified by:

getIDPSSODescriptor in interface MetadataProvider

Parameters:

entityID - the entityID for the IdP

Returns:

the SSO descriptor for the IdP

Throws:

ResolverException - for underlying metadata errors

See Also:

MetadataProvider.getEntityDescriptor(String)

getSPSSODescriptor

public SPSSODescriptor getSPSSODescriptor(String entityID)
                                   throws ResolverException

A utility method that extracts the SP SSO descriptor from the Entity Descriptor identified by the supplied entityID.

Specified by:

getSPSSODescriptor in interface MetadataProvider

Parameters:

entityID - the entityID for the Service Provider

Returns:

the SSO descriptor for the SP

Throws:

ResolverException - for underlying metadata errors

See Also:

MetadataProvider.getEntityDescriptor(String)

getIdentityProviders

public List<EntityDescriptor> getIdentityProviders()
                                            throws ResolverException

Utility method that returns a list of entity descriptors for Identity Providers found in the metadata.

Specified by:

getIdentityProviders in interface MetadataProvider

Returns:

a list of entity descriptors

Throws:

ResolverException - for metadata errors

getServiceProviders

public List<EntityDescriptor> getServiceProviders()
                                           throws ResolverException

Utility method that returns a list of entity descriptors for Service Providers found in the metadata.

Specified by:

getServiceProviders in interface MetadataProvider

Returns:

a list of entity descriptors

Throws:

ResolverException - for metadata errors

doInitialize

protected final void doInitialize()
                           throws ComponentInitializationException

Overrides:

doInitialize in class AbstractInitializableComponent

Throws:

ComponentInitializationException

createFilter

protected MetadataFilter createFilter()

Creates the filter(s) that this instance should be configured with.

Returns:

a metadata filter

doDestroy

protected void doDestroy()

Overrides:

doDestroy in class AbstractInitializableComponent

createMetadataResolver

protected abstract void createMetadataResolver(boolean requireValidMetadata,
                                               boolean failFastInitialization,
                                               MetadataFilter filter)
                                        throws ResolverException

Creates the specific MetadataResolver instance for the provider implementation.

The filter parameter is a MetadataFilter that must be installed for the resolver. Any other filters that should be installed by the specific instance should be placed last in a filter chain.

Parameters:

requireValidMetadata - should be passed into MetadataResolver.setRequireValidMetadata(boolean)

failFastInitialization - should be passed into AbstractMetadataResolver.setFailFastInitialization(boolean) (if applicable)

filter - filter that must be installed for the resolver

Throws:

ResolverException - for errors creating the resolver

initializeMetadataResolver

protected abstract void initializeMetadataResolver()
                                            throws ComponentInitializationException

Initializes the metadata resolver.

Throws:

ComponentInitializationException - for initialization errors

destroyMetadataResolver

protected abstract void destroyMetadataResolver()

Destroys the metadata resolver.

setRequireValidMetadata

public void setRequireValidMetadata(boolean requireValidMetadata)

Sets whether the metadata returned by queries must be valid.

Parameters:

requireValidMetadata - whether the metadata returned by queries must be valid

setFailFastInitialization

public void setFailFastInitialization(boolean failFast)

Sets whether problems during initialization should cause the provider to fail or go on without metadata. The assumption being that in most cases a provider will recover at some point in the future.

Parameters:

failFast - whether problems during initialization should cause the provider to fail

setSignatureVerificationCertificate

public void setSignatureVerificationCertificate(X509Certificate signatureVerificationCertificate)

Assigns the certificate that is to be used when verifying the signature on downloaded metadata. If this attribute is assigned the provider is configured to expect a valid signature on downloaded metadata.

Parameters:

signatureVerificationCertificate - the certificate to assign

setSignatureVerificationCertificates

public void setSignatureVerificationCertificates(List<X509Certificate> signatureVerificationCertificates)

Assigns the certificates that are to be used when verifying the signature on downloaded metadata. If this attribute is assigned the provider is configured to expect a valid signature on downloaded metadata.

The reason that more than one certificate may be assigned is that we want to be able to handle signing certificate updates in a smooth way.

Parameters:

signatureVerificationCertificates - the certificates to assign

getSignatureVerificationCertificates

public List<X509Certificate> getSignatureVerificationCertificates()

Gets the certificate that is to be used when verifying the signature on downloaded metadata.

Returns:

the certificates or null

setPerformSchemaValidation

public void setPerformSchemaValidation(boolean performSchemaValidation)

Assigns whether XML schema validation should be performed on downloaded metadata.

Parameters:

performSchemaValidation - whether schema validation should be performed

setInclusionPredicates

public void setInclusionPredicates(List<Predicate<EntityDescriptor>> inclusionPredicates)

Assigns a list of inclusion predicates that will be applied to downloaded metadata.

Parameters:

inclusionPredicates - predicates

See Also:

MetadataProviderPredicates

setExclusionPredicates

public void setExclusionPredicates(List<Predicate<EntityDescriptor>> exclusionPredicates)

Assigns a list of exclusion predicates that will be applied to downloaded metadata.

Parameters:

exclusionPredicates - predicates

See Also:

MetadataProviderPredicates