Package se.swedenconnect.opensaml.saml2.metadata.provider

Class HTTPMetadataProvider

java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
se.swedenconnect.opensaml.saml2.metadata.provider.AbstractMetadataProvider
se.swedenconnect.opensaml.saml2.metadata.provider.HTTPMetadataProvider
All Implemented Interfaces:
net.shibboleth.shared.component.Component, net.shibboleth.shared.component.DestructableComponent, net.shibboleth.shared.component.InitializableComponent, MetadataProvider
public class HTTPMetadataProvider extends AbstractMetadataProvider
A provider that downloads metadata from a HTTP resource.
Author:
Martin Lindström (martin@idsec.se)
See Also:
  • HTTPMetadataResolver
  • FileBackedHTTPMetadataResolver

  • Constructor Details

    • HTTPMetadataProvider

      public HTTPMetadataProvider(String metadataUrl, String backupFile) throws net.shibboleth.shared.resolver.ResolverException
      Creates a provider that periodically downloads data from the URL given by metadataUrl. If the backupFile parameter is given the provider also stores the downloaded metadata on disk as backup.

      This constructor will initialize the underlying MetadataResolver with a default HttpClient instance that is initialized according to createDefaultHttpClient().

      Parameters:
      metadataUrl - the URL to use when downloading metadata
      backupFile - optional path to the file to where the provider should store downloaded metadata
      Throws:
      net.shibboleth.shared.resolver.ResolverException - if the supplied metadata URL is invalid

    • HTTPMetadataProvider

      public HTTPMetadataProvider(String metadataUrl, String backupFile, org.apache.hc.client5.http.classic.HttpClient httpClient) throws net.shibboleth.shared.resolver.ResolverException
      Creates a provider that periodically downloads data from the URL given by metadataUrl. If the backupFile parameter is given the provider also stores the downloaded metadata on disk as backup.
      Parameters:
      metadataUrl - the URL to use when downloading metadata
      backupFile - optional path to the file to where the provider should store downloaded metadata
      httpClient - the HttpClient that should be used to download the metadata
      Throws:
      net.shibboleth.shared.resolver.ResolverException - if the supplied metadata URL is invalid

  • Method Details

    • createDefaultHttpClient

      public static org.apache.hc.client5.http.classic.HttpClient createDefaultHttpClient() throws net.shibboleth.shared.resolver.ResolverException
      Creates a default HttpClient instance that uses system properties and sets a SSLSocketFactory that is configured in a "no trust" mode, meaning that all peer certificates are accepted and no hostname check is made.

      TLS security parameters, such as a trust engine, may later be added by assigning a configured HttpClientSecurityParameters instance in the constructor.

      Returns:
      a default HttpClient instance
      Throws:
      net.shibboleth.shared.resolver.ResolverException - for errors creating the client

    • createDefaultHttpClient

      public static org.apache.hc.client5.http.classic.HttpClient createDefaultHttpClient(KeyStore trustKeyStore, HostnameVerifier hostnameVerifier) throws net.shibboleth.shared.resolver.ResolverException
      Creates a HttpClient instance that sets up a trust manager that accepts all certificates supplied in the trustKeyStore parameter. The hostnameVerifier parameter tells which hostname verifier that should be used. If not supplied, a DefaultHostnameVerifier will be used.
      Parameters:
      trustKeyStore - a KeyStore holding the certificates that should be accepted (if null, all certificates are accepted)
      hostnameVerifier - the HostnameVerifier to use (if null a DefaultHostnameVerifier is used)
      Returns:
      a HttpClient instance
      Throws:
      net.shibboleth.shared.resolver.ResolverException - for errors creating the client

    • getID

      public String getID()
      Returns the identifier for the provider.
      Returns:
      the identifier

    • getMetadataResolver

      public org.opensaml.saml.metadata.resolver.MetadataResolver getMetadataResolver()
      Returns the underlying OpenSAML metadata resolver.
      Returns:
      OpenSAML metadata resolver

    • createMetadataResolver

      protected void createMetadataResolver(boolean requireValidMetadata, boolean failFastInitialization, org.opensaml.saml.metadata.resolver.filter.MetadataFilter filter) throws net.shibboleth.shared.resolver.ResolverException
      Creates the specific MetadataResolver instance for the provider implementation.

      The filter parameter is a MetadataFilter that must be installed for the resolver. Any other filters that should be installed by the specific instance should be placed last in a filter chain.

      Specified by:
      createMetadataResolver in class AbstractMetadataProvider
      Parameters:
      requireValidMetadata - should be passed into MetadataResolver.setRequireValidMetadata(boolean)
      failFastInitialization - should be passed into AbstractMetadataResolver.setFailFastInitialization(boolean) (if applicable)
      filter - filter that must be installed for the resolver
      Throws:
      net.shibboleth.shared.resolver.ResolverException - for errors creating the resolver

    • initializeMetadataResolver

      protected void initializeMetadataResolver() throws net.shibboleth.shared.component.ComponentInitializationException
      Initializes the metadata resolver.
      Specified by:
      initializeMetadataResolver in class AbstractMetadataProvider
      Throws:
      net.shibboleth.shared.component.ComponentInitializationException - for initialization errors

    • destroyMetadataResolver

      protected void destroyMetadataResolver()
      Destroys the metadata resolver.
      Specified by:
      destroyMetadataResolver in class AbstractMetadataProvider