Package se.swedenconnect.opensaml.saml2.metadata.provider

Class AbstractMetadataProvider

java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
se.swedenconnect.opensaml.saml2.metadata.provider.AbstractMetadataProvider
All Implemented Interfaces:
net.shibboleth.shared.component.Component, net.shibboleth.shared.component.DestructableComponent, net.shibboleth.shared.component.InitializableComponent, MetadataProvider
Direct Known Subclasses:
CompositeMetadataProvider, FilesystemMetadataProvider, HTTPMetadataProvider, MDQMetadataProvider, ProxyMetadataProvider, StaticMetadataProvider
public abstract class AbstractMetadataProvider extends net.shibboleth.shared.component.AbstractInitializableComponent implements MetadataProvider
Abstract base class for the MetadataProvider interface.
Author:
Martin Lindström (martin@idsec.se)

  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Class
    Description
    protected static class 
    AbstractMetadataProvider.EntityDescriptorIterator
    Iterates over EntitiesDescriptor or EntityDescriptor.

  • Constructor Summary

    Constructors
    Constructor
    Description
    AbstractMetadataProvider()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    protected org.opensaml.saml.metadata.resolver.filter.MetadataFilter
    createFilter()
    Creates the filter(s) that this instance should be configured with.
    protected abstract void
    createMetadataResolver(boolean requireValidMetadata, boolean failFastInitialization, org.opensaml.saml.metadata.resolver.filter.MetadataFilter filter)
    Creates the specific MetadataResolver instance for the provider implementation.
    protected abstract void
    destroyMetadataResolver()
    Destroys the metadata resolver.
    protected void
    doDestroy()
    protected final void
    doInitialize()
    org.opensaml.saml.saml2.metadata.EntityDescriptor
    getEntityDescriptor(String entityID)
    Returns the entity descriptor identified by the given entityID.
    org.opensaml.saml.saml2.metadata.EntityDescriptor
    getEntityDescriptor(String entityID, QName role)
    Returns the entity descriptor identified by the given entityID and given role.
    List<org.opensaml.saml.saml2.metadata.EntityDescriptor>
    getIdentityProviders()
    Utility method that returns a list of entity descriptors for Identity Providers found in the metadata.
    Instant
    getLastUpdate()
    Returns the time the currently available metadata was last updated.
    org.opensaml.core.xml.XMLObject
    getMetadata()
    Returns the XML element making up the metadata for the federation.
    Element
    getMetadataDOM()
    Returns the DOM element making up the metadata for the federation.
    List<org.opensaml.saml.saml2.metadata.EntityDescriptor>
    getServiceProviders()
    Utility method that returns a list of entity descriptors for Service Providers found in the metadata.
    List<X509Certificate>
    getSignatureVerificationCertificates()
    Gets the certificate that is to be used when verifying the signature on downloaded metadata.
    protected abstract void
    initializeMetadataResolver()
    Initializes the metadata resolver.
    Iterable<org.opensaml.saml.saml2.metadata.EntityDescriptor>
    iterator()
    Returns an iterator for all entity descriptors held by the provider.
    Iterable<org.opensaml.saml.saml2.metadata.EntityDescriptor>
    iterator(QName role)
    Returns an iterator for all entity descriptors having the given role.
    void
    refresh()
    Refresh the metadata handled by the provider.
    void
    setExclusionPredicates(List<Predicate<org.opensaml.saml.saml2.metadata.EntityDescriptor>> exclusionPredicates)
    Assigns a list of exclusion predicates that will be applied to downloaded metadata.
    void
    setFailFastInitialization(boolean failFast)
    Sets whether problems during initialization should cause the provider to fail or go on without metadata.
    void
    setInclusionPredicates(List<Predicate<org.opensaml.saml.saml2.metadata.EntityDescriptor>> inclusionPredicates)
    Assigns a list of inclusion predicates that will be applied to downloaded metadata.
    void
    setKeepOnlySpAndIdps(boolean keepOnlySpAndIdps)
    Tells whether we should keep only SP and IdP role descriptors.
    protected void
    setMetadata(org.opensaml.core.xml.XMLObject metadata)
    Assigns the metadata that was downloaded.
    void
    setPerformSchemaValidation(boolean performSchemaValidation)
    Assigns whether XML schema validation should be performed on downloaded metadata.
    void
    setRequireValidMetadata(boolean requireValidMetadata)
    Sets whether the metadata returned by queries must be valid.
    void
    setSignatureVerificationCertificate(X509Certificate signatureVerificationCertificate)
    Assigns the certificate that is to be used when verifying the signature on downloaded metadata.
    void
    setSignatureVerificationCertificates(List<X509Certificate> signatureVerificationCertificates)
    Assigns the certificates that are to be used when verifying the signature on downloaded metadata.

    Methods inherited from class net.shibboleth.shared.component.AbstractInitializableComponent

    checkComponentActive, checkSetterPreconditions, destroy, ifDestroyedThrowDestroyedComponentException, ifInitializedThrowUnmodifiabledComponentException, ifNotInitializedThrowUninitializedComponentException, initialize, isDestroyed, isInitialized

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface net.shibboleth.shared.component.DestructableComponent

    destroy, isDestroyed

    Methods inherited from interface net.shibboleth.shared.component.InitializableComponent

    initialize, isInitialized

    Methods inherited from interface se.swedenconnect.opensaml.saml2.metadata.provider.MetadataProvider

    getID, getMetadataResolver

  • Constructor Details

    • AbstractMetadataProvider

      public AbstractMetadataProvider()

  • Method Details

    • getMetadata

      public org.opensaml.core.xml.XMLObject getMetadata()
      Returns the XML element making up the metadata for the federation. This element is either an EntityDescriptor or an EntitiesDescriptor.
      Specified by:
      getMetadata in interface MetadataProvider
      Returns:
      an XML element

    • getMetadataDOM

      public Element getMetadataDOM() throws org.opensaml.core.xml.io.MarshallingException
      Returns the DOM element making up the metadata for the federation.
      Specified by:
      getMetadataDOM in interface MetadataProvider
      Returns:
      a DOM element
      Throws:
      org.opensaml.core.xml.io.MarshallingException - for XML marshalling errors

    • getLastUpdate

      public Instant getLastUpdate()
      Returns the time the currently available metadata was last updated.
      Specified by:
      getLastUpdate in interface MetadataProvider
      Returns:
      time when the currently metadata was last updated, or null if no metadata has been successfully loaded

    • refresh

      public void refresh() throws net.shibboleth.shared.resolver.ResolverException
      Refresh the metadata handled by the provider.

      An implementation that does not support refresh should implement this operation as a no-op. Implementations that do support refresh of metadata should typically be either synchronized or make use other locking mechanisms to protect against concurrent access.

      Specified by:
      refresh in interface MetadataProvider
      Throws:
      net.shibboleth.shared.resolver.ResolverException - if the refresh operation was unsuccessful

    • iterator

      public Iterable<org.opensaml.saml.saml2.metadata.EntityDescriptor> iterator()
      Returns an iterator for all entity descriptors held by the provider.
      Specified by:
      iterator in interface MetadataProvider
      Returns:
      an iterator for all entity descriptors

    • iterator

      public Iterable<org.opensaml.saml.saml2.metadata.EntityDescriptor> iterator(QName role)
      Returns an iterator for all entity descriptors having the given role.

      To list all IdP:s and SP:s do: 

       
 idps = provider.iterator(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
 sps = provider.iterator(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
      Specified by:
      iterator in interface MetadataProvider
      Parameters:
      role - role descriptor
      Returns:
      an iterator for all matching entity descriptors
      See Also:

    • getEntityDescriptor

      public org.opensaml.saml.saml2.metadata.EntityDescriptor getEntityDescriptor(String entityID) throws net.shibboleth.shared.resolver.ResolverException
      Returns the entity descriptor identified by the given entityID.
      Specified by:
      getEntityDescriptor in interface MetadataProvider
      Parameters:
      entityID - the unique entityID for the entry
      Returns:
      an entity descriptor or null if no entry is found
      Throws:
      net.shibboleth.shared.resolver.ResolverException - for underlying metadata errors

    • getEntityDescriptor

      public org.opensaml.saml.saml2.metadata.EntityDescriptor getEntityDescriptor(String entityID, QName role) throws net.shibboleth.shared.resolver.ResolverException
      Returns the entity descriptor identified by the given entityID and given role.
      Specified by:
      getEntityDescriptor in interface MetadataProvider
      Parameters:
      entityID - the entity ID
      role - the role descriptor
      Returns:
      an entity descriptor or null if no matching entry is found
      Throws:
      net.shibboleth.shared.resolver.ResolverException - for underlying metadata errors

    • getIdentityProviders

      public List<org.opensaml.saml.saml2.metadata.EntityDescriptor> getIdentityProviders() throws net.shibboleth.shared.resolver.ResolverException
      Utility method that returns a list of entity descriptors for Identity Providers found in the metadata.
      Specified by:
      getIdentityProviders in interface MetadataProvider
      Returns:
      a list of entity descriptors
      Throws:
      net.shibboleth.shared.resolver.ResolverException - for metadata errors

    • getServiceProviders

      public List<org.opensaml.saml.saml2.metadata.EntityDescriptor> getServiceProviders() throws net.shibboleth.shared.resolver.ResolverException
      Utility method that returns a list of entity descriptors for Service Providers found in the metadata.
      Specified by:
      getServiceProviders in interface MetadataProvider
      Returns:
      a list of entity descriptors
      Throws:
      net.shibboleth.shared.resolver.ResolverException - for metadata errors

    • setMetadata

      protected void setMetadata(org.opensaml.core.xml.XMLObject metadata)
      Assigns the metadata that was downloaded.
      Parameters:
      metadata - metadata object

    • doInitialize

      protected final void doInitialize() throws net.shibboleth.shared.component.ComponentInitializationException
      Overrides:
      doInitialize in class net.shibboleth.shared.component.AbstractInitializableComponent
      Throws:
      net.shibboleth.shared.component.ComponentInitializationException

    • createFilter

      protected org.opensaml.saml.metadata.resolver.filter.MetadataFilter createFilter() throws net.shibboleth.shared.component.ComponentInitializationException
      Creates the filter(s) that this instance should be configured with.
      Returns:
      a metadata filter
      Throws:
      net.shibboleth.shared.component.ComponentInitializationException - if filters fails to initialize

    • doDestroy

      protected void doDestroy()
      Overrides:
      doDestroy in class net.shibboleth.shared.component.AbstractInitializableComponent

    • createMetadataResolver

      protected abstract void createMetadataResolver(boolean requireValidMetadata, boolean failFastInitialization, org.opensaml.saml.metadata.resolver.filter.MetadataFilter filter) throws net.shibboleth.shared.resolver.ResolverException
      Creates the specific MetadataResolver instance for the provider implementation.

      The filter parameter is a MetadataFilter that must be installed for the resolver. Any other filters that should be installed by the specific instance should be placed last in a filter chain.

      Parameters:
      requireValidMetadata - should be passed into MetadataResolver.setRequireValidMetadata(boolean)
      failFastInitialization - should be passed into AbstractMetadataResolver.setFailFastInitialization(boolean) (if applicable)
      filter - filter that must be installed for the resolver
      Throws:
      net.shibboleth.shared.resolver.ResolverException - for errors creating the resolver

    • initializeMetadataResolver

      protected abstract void initializeMetadataResolver() throws net.shibboleth.shared.component.ComponentInitializationException
      Initializes the metadata resolver.
      Throws:
      net.shibboleth.shared.component.ComponentInitializationException - for initialization errors

    • destroyMetadataResolver

      protected abstract void destroyMetadataResolver()
      Destroys the metadata resolver.

    • setRequireValidMetadata

      public void setRequireValidMetadata(boolean requireValidMetadata)
      Sets whether the metadata returned by queries must be valid.
      Parameters:
      requireValidMetadata - whether the metadata returned by queries must be valid

    • setFailFastInitialization

      public void setFailFastInitialization(boolean failFast)
      Sets whether problems during initialization should cause the provider to fail or go on without metadata. The assumption being that in most cases a provider will recover at some point in the future.
      Parameters:
      failFast - whether problems during initialization should cause the provider to fail

    • setSignatureVerificationCertificate

      public void setSignatureVerificationCertificate(X509Certificate signatureVerificationCertificate)
      Assigns the certificate that is to be used when verifying the signature on downloaded metadata. If this attribute is assigned the provider is configured to expect a valid signature on downloaded metadata.
      Parameters:
      signatureVerificationCertificate - the certificate to assign

    • setSignatureVerificationCertificates

      public void setSignatureVerificationCertificates(List<X509Certificate> signatureVerificationCertificates)
      Assigns the certificates that are to be used when verifying the signature on downloaded metadata. If this attribute is assigned the provider is configured to expect a valid signature on downloaded metadata.

      The reason that more than one certificate may be assigned is that we want to be able to handle signing certificate updates in a smooth way.

      Parameters:
      signatureVerificationCertificates - the certificates to assign

    • getSignatureVerificationCertificates

      public List<X509Certificate> getSignatureVerificationCertificates()
      Gets the certificate that is to be used when verifying the signature on downloaded metadata.
      Returns:
      the certificates or null

    • setPerformSchemaValidation

      public void setPerformSchemaValidation(boolean performSchemaValidation)
      Assigns whether XML schema validation should be performed on downloaded metadata.
      Parameters:
      performSchemaValidation - whether schema validation should be performed

    • setKeepOnlySpAndIdps

      public void setKeepOnlySpAndIdps(boolean keepOnlySpAndIdps)
      Tells whether we should keep only SP and IdP role descriptors. The default is true.
      Parameters:
      keepOnlySpAndIdps - whether to keep only SPs and IdPs.

    • setInclusionPredicates

      public void setInclusionPredicates(List<Predicate<org.opensaml.saml.saml2.metadata.EntityDescriptor>> inclusionPredicates)
      Assigns a list of inclusion predicates that will be applied to downloaded metadata.
      Parameters:
      inclusionPredicates - predicates
      See Also:

    • setExclusionPredicates

      public void setExclusionPredicates(List<Predicate<org.opensaml.saml.saml2.metadata.EntityDescriptor>> exclusionPredicates)
      Assigns a list of exclusion predicates that will be applied to downloaded metadata.
      Parameters:
      exclusionPredicates - predicates
      See Also: