org.opensaml.saml.metadata.resolver.impl

Class AbstractDynamicHTTPMetadataResolver

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent

net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent

org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver

org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver

org.opensaml.saml.metadata.resolver.impl.AbstractDynamicHTTPMetadataResolver

All Implemented Interfaces:

net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.IdentifiableComponent, net.shibboleth.utilities.java.support.component.IdentifiedComponent, net.shibboleth.utilities.java.support.component.InitializableComponent, net.shibboleth.utilities.java.support.resolver.Resolver<EntityDescriptor,net.shibboleth.utilities.java.support.resolver.CriteriaSet>, DynamicMetadataResolver, MetadataResolver

Direct Known Subclasses:

FunctionDrivenDynamicHTTPMetadataResolver

public abstract class AbstractDynamicHTTPMetadataResolver
extends AbstractDynamicMetadataResolver

Abstract subclass for dynamic metadata resolvers that implement metadata resolution based on HTTP requests.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
class	AbstractDynamicHTTPMetadataResolver.BasicMetadataResponseHandler Basic HttpClient response handler for processing metadata fetch requests.

Nested classes/interfaces inherited from class org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver

AbstractDynamicMetadataResolver.BackingStoreCleanupSweeper, AbstractDynamicMetadataResolver.DynamicEntityBackingStore, AbstractDynamicMetadataResolver.EntityManagementData

Nested classes/interfaces inherited from class org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver

AbstractMetadataResolver.EntityBackingStore

Field Summary

Fields

Modifier and Type	Field and Description
private org.apache.http.client.CredentialsProvider	credentialsProvider HttpClient credentials provider.
static java.lang.String[]	DEFAULT_CONTENT_TYPES Default list of supported content MIME types.
private org.apache.http.client.HttpClient	httpClient HTTP Client used to pull the metadata.
private org.slf4j.Logger	log Class logger.
private org.apache.http.client.ResponseHandler<XMLObject>	responseHandler HttpClient ResponseHandler instance to use.
private java.util.List<java.lang.String>	supportedContentTypes List of supported MIME types for use in Accept request header and validation of response Content-Type header.
private java.lang.String	supportedContentTypesValue Generated Accept request header value.
private TrustEngine<? super X509Credential>	tlsTrustEngine Optional trust engine used in evaluating server TLS credentials.

Constructor Summary

Constructors

Constructor and Description
AbstractDynamicHTTPMetadataResolver(org.apache.http.client.HttpClient client) Constructor.
AbstractDynamicHTTPMetadataResolver(java.util.Timer backgroundTaskTimer, org.apache.http.client.HttpClient client) Constructor.

Method Summary

Modifier and Type	Method and Description
protected org.apache.http.client.protocol.HttpClientContext	buildHttpClientContext() Build the HttpClientContext instance which will be used to invoke the HttpClient request.
protected org.apache.http.client.methods.HttpUriRequest	buildHttpRequest(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria) Build an appropriate instance of HttpUriRequest based on the input criteria set.
protected abstract java.lang.String	buildRequestURL(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria) Build the request URL based on the input criteria set.
protected void	checkTLSCredentialTrusted(org.apache.http.client.protocol.HttpClientContext context, org.apache.http.client.methods.HttpUriRequest request) Check that trust engine evaluation of the server TLS credential was actually performed.
protected void	doDestroy()
protected XMLObject	fetchFromOriginSource(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria) Fetch the metadata from the origin source.
java.util.List<java.lang.String>	getSupportedContentTypes() Get the list of supported MIME types for use in Accept request header and validation of response Content-Type header.
protected void	initMetadataResolver() Subclasses should override this method to perform any initialization logic necessary.
void	setBasicCredentials(org.apache.http.auth.UsernamePasswordCredentials credentials) A convenience method to set a (single) username and password used to access metadata.
void	setBasicCredentialsWithScope(org.apache.http.auth.UsernamePasswordCredentials credentials, org.apache.http.auth.AuthScope scope) A convenience method to set a (single) username and password used to access metadata.
void	setCredentialsProvider(org.apache.http.client.CredentialsProvider provider) Set an instance of CredentialsProvider used for authentication by the HttpClient instance.
void	setSupportedContentTypes(java.util.List<java.lang.String> types) Set the list of supported MIME types for use in Accept request header and validation of response Content-Type header.
void	setTLSTrustEngine(TrustEngine<? super X509Credential> engine) Sets the optional trust engine used in evaluating server TLS credentials.

Methods inherited from class org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver

computeExpirationTime, computeRefreshTriggerTime, createNewBackingStore, getBackingStore, getCleanupTaskInterval, getMaxCacheDuration, getMaxIdleEntityData, getMinCacheDuration, getRefreshDelayFactor, isRemoveIdleEntityData, lookupEntityID, preProcessEntityDescriptor, processNewMetadata, resolve, resolveFromOriginSource, setCleanupTaskInterval, setMaxCacheDuration, setMaxIdleEntityData, setMinCacheDuration, setRefreshDelayFactor, setRemoveIdleEntityData, shouldAttemptRefresh

Methods inherited from class org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver

doInitialize, filterMetadata, getMetadataFilter, getParserPool, getUnmarshallerFactory, indexEntityDescriptor, isFailFastInitialization, isRequireValidMetadata, isValid, lookupIndexedEntityID, preProcessEntitiesDescriptor, releaseMetadataDOM, removeByEntityID, resolveSingle, setBackingStore, setFailFastInitialization, setMetadataFilter, setParserPool, setRequireValidMetadata, unmarshallMetadata

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiableInitializableComponent

setId

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent

getId

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.opensaml.saml.metadata.resolver.MetadataResolver

getMetadataFilter, isRequireValidMetadata, setMetadataFilter, setRequireValidMetadata

Methods inherited from interface net.shibboleth.utilities.java.support.resolver.Resolver

resolveSingle

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent

getId

Field Detail

DEFAULT_CONTENT_TYPES

public static final java.lang.String[] DEFAULT_CONTENT_TYPES

Default list of supported content MIME types.

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

httpClient

@Nonnull
private org.apache.http.client.HttpClient httpClient

HTTP Client used to pull the metadata.

supportedContentTypes

private java.util.List<java.lang.String> supportedContentTypes

List of supported MIME types for use in Accept request header and validation of response Content-Type header.

supportedContentTypesValue

private java.lang.String supportedContentTypesValue

Generated Accept request header value.

responseHandler

private org.apache.http.client.ResponseHandler<XMLObject> responseHandler

HttpClient ResponseHandler instance to use.

credentialsProvider

private org.apache.http.client.CredentialsProvider credentialsProvider

HttpClient credentials provider.

tlsTrustEngine

private TrustEngine<? super X509Credential> tlsTrustEngine

Optional trust engine used in evaluating server TLS credentials.

Constructor Detail

AbstractDynamicHTTPMetadataResolver

public AbstractDynamicHTTPMetadataResolver(@Nonnull
                                           org.apache.http.client.HttpClient client)

Constructor.

Parameters:

client - the instance of HttpClient used to fetch remote metadata

AbstractDynamicHTTPMetadataResolver

public AbstractDynamicHTTPMetadataResolver(@Nullable
                                           java.util.Timer backgroundTaskTimer,
                                           @Nonnull
                                           org.apache.http.client.HttpClient client)

Constructor.

Parameters:

backgroundTaskTimer - the Timer instance used to run resolver background managment tasks

client - the instance of HttpClient used to fetch remote metadata

Method Detail

setTLSTrustEngine

public void setTLSTrustEngine(@Nullable
                              TrustEngine<? super X509Credential> engine)

Sets the optional trust engine used in evaluating server TLS credentials.

Must be used in conjunction with an HttpClient instance which is configured with a TrustEngineTLSSocketFactory. If this socket factory is not configured, then this will result in no TLS trust evaluation being performed and a ResolverException will ultimately be thrown.

Parameters:

engine - the trust engine instance to use

setCredentialsProvider

public void setCredentialsProvider(@Nullable
                                   org.apache.http.client.CredentialsProvider provider)

Set an instance of CredentialsProvider used for authentication by the HttpClient instance.

Parameters:

provider - the credentials provider

setBasicCredentials

public void setBasicCredentials(@Nullable
                                org.apache.http.auth.UsernamePasswordCredentials credentials)

A convenience method to set a (single) username and password used to access metadata. To disable BASIC authentication pass null for the credentials instance.

An AuthScope will be generated which specifies any host, port, scheme and realm.

To specify multiple usernames and passwords for multiple host, port, scheme, and realm combinations, instead provide an instance of CredentialsProvider via setCredentialsProvider(CredentialsProvider).

Parameters:

credentials - the username and password credentials

setBasicCredentialsWithScope

public void setBasicCredentialsWithScope(@Nullable
                                         org.apache.http.auth.UsernamePasswordCredentials credentials,
                                         @Nullable
                                         org.apache.http.auth.AuthScope scope)

A convenience method to set a (single) username and password used to access metadata. To disable BASIC authentication pass null for the credentials instance.

If the authScope is null, an AuthScope will be generated which specifies any host, port, scheme and realm.

To specify multiple usernames and passwords for multiple host, port, scheme, and realm combinations, instead provide an instance of CredentialsProvider via setCredentialsProvider(CredentialsProvider).

Parameters:

credentials - the username and password credentials

scope - the HTTP client auth scope with which to scope the credentials, may be null

getSupportedContentTypes

@NonnullAfterInit
 @NotLive
 @Unmodifiable
public java.util.List<java.lang.String> getSupportedContentTypes()

Get the list of supported MIME types for use in Accept request header and validation of response Content-Type header.

Returns:

the supported content types

setSupportedContentTypes

public void setSupportedContentTypes(@Nullable
                                     java.util.List<java.lang.String> types)

Set the list of supported MIME types for use in Accept request header and validation of response Content-Type header. Values will be effectively lower-cased at runtime.

Parameters:

types - the new supported content types to set

initMetadataResolver

protected void initMetadataResolver()
                             throws net.shibboleth.utilities.java.support.component.ComponentInitializationException

Subclasses should override this method to perform any initialization logic necessary. Default implementation is a no-op.

Overrides:

initMetadataResolver in class AbstractDynamicMetadataResolver

Throws:

net.shibboleth.utilities.java.support.component.ComponentInitializationException - thrown if there is a problem initializing the provider

doDestroy

protected void doDestroy()

Overrides:

doDestroy in class AbstractDynamicMetadataResolver

fetchFromOriginSource

@Nullable
protected XMLObject fetchFromOriginSource(@Nonnull
                                                    net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
                                             throws java.io.IOException

Fetch the metadata from the origin source.

Specified by:

fetchFromOriginSource in class AbstractDynamicMetadataResolver

Parameters:

criteria - the input criteria set

Returns:

the resolved metadata root XMLObject, or null if metadata could not be fetched

Throws:

java.io.IOException - if there is a fatal error fetching metadata from the origin source

checkTLSCredentialTrusted

protected void checkTLSCredentialTrusted(org.apache.http.client.protocol.HttpClientContext context,
                                         org.apache.http.client.methods.HttpUriRequest request)
                                  throws javax.net.ssl.SSLPeerUnverifiedException

Check that trust engine evaluation of the server TLS credential was actually performed.

Parameters:

context - the current HTTP context instance in use

request - the HTTP URI request

Throws:

javax.net.ssl.SSLPeerUnverifiedException - thrown if the TLS credential was not actually evaluated by the trust engine

buildHttpRequest

@Nullable
protected org.apache.http.client.methods.HttpUriRequest buildHttpRequest(@Nonnull
                                                                                   net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)

Build an appropriate instance of HttpUriRequest based on the input criteria set.

Parameters:

criteria - the input criteria set

Returns:

the newly constructed request, or null if it can not be built from the supplied criteria

buildRequestURL

@Nullable
protected abstract java.lang.String buildRequestURL(@Nonnull
                                                              net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)

Build the request URL based on the input criteria set.

Parameters:

criteria - the input criteria set

Returns:

the request URL, or null if it can not be built based on the supplied criteria

buildHttpClientContext

protected org.apache.http.client.protocol.HttpClientContext buildHttpClientContext()

Build the HttpClientContext instance which will be used to invoke the HttpClient request.

Returns:

a new instance of HttpClientContext